Before adding and sharing your Fraud Alert please check to see if a similar alert has already been posted, thank you:

Phishing attacks primary concern for two-thirds of BDMs

Post a Fraud Alert:

The last 18 months have seen significant changes in the types of threats that organisations must deal with. The increase in volumes is taken for granted by most businesses, but in addition to dealing with a vast quantity of low-level attackers, they are also having to educate employees about threats that are much more targeted and almost impossible to spot.

Although awareness of phishing and spear phishing is high, individuals are still sometimes being duped through no fault of their own because attacks are designed to exploit the very things that make us human.

A survey by Computing of 110 decision makers from a range of businesses looked at the areas they believed were most vulnerable to security breaches and the types of threat that were seen to be increasing in severity.

Read the full survey results and analysis in this research paper ‘Real-time threats require real-time defences’.

Download now

The top concern, by a significant margin, was the fear of phishing and/or spear phishing attacks. 66% of respondents identified these types of attack as increasing in severity and/or frequency, followed by 52% identifying ransomware as a significant threat.

Awareness of these attacks among the survey’s respondents is high, but the degree to which that awareness extends to employees is variable.

Lower-ranking employees are generally more likely to be duped by emails asking for their network credentials or enticing them to click on a link to upgrade their mailbox size. Business decision makers, particularly those in charge of larger budgets, are more likely to be aware that they are a target but despite this, some are still falling victim.

The most common attack against high ranking executives is carefully crafted attacks which spoof email addresses of colleagues and mimic their style of writing in requests for funds. Such socially engineered attacks targeting specific individuals were seen as a significant concern by 37% of respondents.

‘Real-time threats require real-time defences’ explores the threats that are facing businesses today and the role that real-time threat detection can play in preventing attacks.

Download now

Most phishing attempts caught before impact

Of all the respondents who had been victims of a data breach or attack, 84% of them had experienced a phishing or spear-phishing attack. The majority of those affected (approximately three-quarters) identified the attack before it had any impact. The remainder were not as fortunate, identifying the type of attack only after the damage was done.

Any strong risk management programme will focus not just on protection, but on how to recover from any breach. Almost half of all those surveyed who had been victims of an attack managed to remediate in minutes. 30% did so in hours and a less fortunate 14% took days. Just 3% took weeks to neutralise the problem.

It’s becoming clear that the management-heavy antivirus solutions still in place in many organisations are neither keeping their data and systems safe, nor providing the agility needed. It’s common to refer to infrastructure that has been in place for several years as ‘legacy’. However, such is the pace of change in the threat landscape that the age of a security tool is less relevant than its type.

The frequency of successful attacks on businesses illustrates the ineffectiveness of many traditional security solutions in such a fluid threat environment.

Picture: Shutterstock

Article source: