PiChris - Fotolia
More than half (57%) of European firms believe they are unprepared for a phishing attack, despite the fact that 78% have been hit by a cyber attack that started that way, a report shows.
Security teams reported that they are struggling to respond to the number of suspicious emails being received, according to the latest European phishing response trends report by phishing defence firm Cofense, formerly known as PhishMe.
The report is based on a survey of 400 IT professionals across a wide range of industry sectors in the UK, France, Germany, the Netherlands and Belgium.
Comparing the findings with a similar survey in the US, the report said the US and Europe differ in their appetite for automated email analysis to solve this problem.
Automated email analysis is on the wish list of 59% of European respondents, but only 33% of US respondents view this as an effective way of dealing with the threat of email-based attacks.
Other key findings of the European report include that the top security concern is phishing and email-related threats, with 41% of respondents saying their biggest anti-phishing challenge is poorly integrated security systems.
The UK reports the most suspicious emails each week across Europe with 23% reporting more than 500, followed by the Netherlands (22%), France (20%), Germany (18%) and Belgium (16%).
With phishing and email-related threats being the main security concern of the European-based survey respondents, the report said it is critical that businesses have an effective strategy to counter the attack vector, which is fully integrated with broader security solutions.
According to Cofense, it is paramount that phishing simulations are like the real thing and encourage reporting which, in turn, can not only stop a malicious email compromising an enterprise’s network, but can also give the incident response team a head start.
“The analysis of email-based attacks gives us extremely valuable insight into the security posture of European organisations,” said Rohyt Belani, co-founder and CEO of Cofense. “What we’re really looking at here is addressing human susceptibility and building human resiliency to work in concert with technology to combat security threats facing Europe.”
Read more about phishing
- More than one million new phishing sites created each month.
- Phishing is no longer just a consumer problem, say experts. The scams are hurting companies’ reputations and bottom lines.
- Email is the number one entry point for data breaches, which includes targeted email attacks such as business email compromise and spear phishing.
- Targeted malware attacks and social engineering schemes such as phishing and whaling pose a growing security threat because cyber criminals are getting help from unwitting users.
According to Belani, technologies alone have proved repeatedly that they can go only so far to protect enterprises. “It is not enough to lock down systems and force users into acting a certain way,” he said. “Instead, we need to build a human-driven phishing defence posture that leverages human instinct for detection and technology to scale response.”
Cyber attacks, particularly those on a scale that can siphon billions of euros from the financial system, involve a complex web of both victims and potential access points for cyber criminals to elevate the severity of an attack, said Belani.
“It is absolutely fundamental, therefore, that hackers are not only identified as early as possible within the attack lifecycle, but that those stopping attackers in their tracks are as joined up as the attackers themselves,” he said.
“In both public and private institutions, we need a robust structure whereby those targeted by spear phishing attacks are conditioned to act as first reporters of malicious emails and begin the incident response chain of events needed to mitigate damage caused by an attack.”
Tim Helming, director of product management at security services firm DomainTools, described the findings of the Cofense report as “worrying but not surprising”.
“Phishing attacks, despite being among the most well-known cyber security attack vectors, are still consistently fooling companies and private individuals,” he said.
Heling said phishing presents such a concern because it is the “spark that ignites a long line of malicious activity, creating a pipeline of infected systems and accessible data for threat actors to leverage in further criminal campaigns”.
He believes companies need to engage with stringent educational campaigns around these issues across all levels of the organisation. ............................................................................................... .............................................................................................