What the new Proofpoint State of the Phish report says
More than 75% of professionals surveyed said that over the course their organizations faced large-scale phishing attacks in 2020 - both successful and blocked; while 66% of the interviewees were affected by ransomware infections.
The State of the Phish 2021 report condenses a global analysis carried out on over 600 security professionals from the United States, Australia, France, Germany, Japan , Spain and the UK, and a parallel survey conducted on 3,500 adult workers in the same seven countries.
The report also analyzes data from more than 60 million simulated phishing attacks sent by Proofpoint customers to their employees in the over a year, along with approximately 15 million emails reported via the user-activated PhishAlarm button.
“Around the world, cybercriminals continue to target people with agile, relevant communications and sophisticated, especially through e-mail, which remains the main threat vector ", says Luca Maiocchi, country manager of Proofpoint Italia.
" Ensuring that users understand how to identify and report tempted vi of cyber attack is undeniably critical to business, especially as users continue to work remotely, often in a less secure environment. While many organizations claim to provide safety awareness training to their employees, our data shows that most are not doing enough. ”
The State of the Phish report underscores the need for a people-centered approach to IT cybersecurity protection and training that takes into account changing conditions, such as those experienced by companies during the pandemic. Survey results reveal a lack of personalized training.
For example, for 90% of respondents in the US, the workforce switched to a work-from-home model over the past year, but only 29% said they trained users on secure remote working.
Proofpoint's State of the Phish report offers helpful advice and in-depth analysis of the phishing threat landscape to help reduce risk . More organizations received successful phishing attacks in 2020 than in 2019 (57% vs.55%), with corporate email compromise (BEC) attacks continuing to be a serious concern. br>
Of the two-thirds of respondents who said they suffered a ransomware attack in 20-20, more than half decided to pay the ransom in hopes of quickly regaining access to their data. Of those who paid, 60% regained access to data / systems after the first payment.
However, nearly 40% were affected by further ransom demands after the first transaction - an increase 320% compared to the previous year. 32% reported agreeing to pay additional ransom demands, an increase of 1,500% over 2019.
80% of organizations surveyed indicated that security awareness training reduced susceptibility to phishing. However, despite 98% of professionals saying their organization has a training program, only 64% offer formal training sessions to users as part of their cybersecurity training initiatives.
The overall average rate Proofpoint customer phishing simulation error was 11%, down from 12% in 2019. The overall average resilience factor of 1.2 indicates that, in general, users of these organizations are more likely to report a suspicious email that interacting (without awareness) with it.
Manufacturing companies faced the highest average volume of actual phishing attacks in 2020, according to Proofpoint Threat Research. Organizations in this industry have been among the most active in testing their users' response to phishing threats, achieving an overall error rate of 11%.
At the division level, purchasing teams are the best performing states with an average error rate of 7%, while the maintenance and facilities departments performed the worst, with average error rates of 15% and 17% respectively.
