The battle against phishing attacks is still very much on, with a majority of enterprises reporting attacks in 2017.
According to Wombat Security Technologies’ State of the Phish report, about three quarters (76%) of organizations experienced phishing attacks in 2017. Nearly half of information security professionals said the rate of attacks increased from 2016. The impacts of phishing were also more broadly felt than in 2016, with a more than 80% increase in reports of malware infections, account compromise, and data loss related to phishing attacks.
Another key finding of the report is that there is continued momentum for anti-phishing education. For the fourth consecutive year, Wombat saw an increase in the number of organizations that assess and train their users on phishing avoidance. There is also increased use of computer-based training, with the number of organizations using such training rising from 62% in 2016 to 79% in 2017.
Wombat customers show positive trends and progress within their programs, with declining click rates and increases in the number of suspicious emails identified and reported by end users. Unfortunately, awareness of phishing and ransomware has not trickled down to the average technology user. Across all populations, adults aged 55 and older significantly outpace millennials in their recognition of what phishing is.
Smishing (SMS/text message phishing) to be an an emerging threat as 45% of professionals reported phishing via phone calls (vishing) and SMS/text messaging (smishing).