Report: Phishing Attacks Down 10 Percent in 2016

Infosec professionals are 10 percent less likely to report that their organization was the victim of a phishing attack in 2016 than in 2015, though that still means three-quarters of organizations were targeted and half of that same group said phishing attacks are on the rise, according to the latest State of the Phish report from Wombat Security Technologies.

The report found a 64 percent increase in the number of organizations measuring the risk posed by end users. The company also reported that it had examined more simulated phishing e-mails than in the previous year and found that click rates are improving for many industries and for organizations with mature programs.

"Our survey of the general public revealed that more people are aware of the concept of phishing than most of us probably thought," according to the report. "However, these same people struggled to identify what ransomware is. These end users also showed that they put their organizations at risk by doing things like checking personal e-mail on their work devices. Overall, this survey points to the fact that there is work to be done to teach people how to stay safe."

The report is based on "tens of millions of simulated phishing e-mails sent over a 12-month period," according to information released by Wombat, plus more than 500 survey responses from security professionals around the world representing more than 16 industries, as well as a survey of more than 1,000 end users worldwide.

Other key findings of the report include:

  • Users in the education industry were more likely to fall for phishing e-mails that appeared to be corporate communications, clicking through on these phishing attempts at a 30 percent rate — double the general population average of 15 percent;
  • In the United States, 65 percent of survey respondents correctly answered the question, "What is phishing?" In the United Kingdom, 72 percent of respondents answered correctly;
  • 44 percent of infosec professionals surveyed said their organization was the target of a phishing attack via phone call or SMS message, a decrease of 20 percent compared to 2015;
  • 38 percent of respondents said phishing had caused a disruption to employee activities and 27 percent said phishing had led to a malware infection;
  • 41 percent of respondents said they measure the cost of phishing through loss of proprietary information and 35 percent said they measure the loss of employee productivity;
  • Only 34 percent of end users surveyed in the US correctly answered the question, "What is ransomware?" UK respondents did only slightly better at 38 percent;
  • Among security professionals surveyed, 34 percent said their organization had been attacked with ransomware and 2 percent of those who said they were attacked told researchers they had paid the ransom;
  • 61 percent of respondents said their organization had been attacked via spear phishing, or a phishing attack targeted to a specific individual, a decrease of 10 percent compared to 2015;
  • In the US, 50 percent of end users surveyed said they check personal e-mail on their work computer and 49 percent said they check work e-mail on their mobile phone;
  • E-mail and spam filters are the most commonly reported phishing protection, at 94 percent, a decrease of 5 percent from 2016;
  • Advanced malware analysis came in second at 63 percent, an increase of 26 percent compared to 2015; and
  • Cloud e-mails, such as those asking end users to download documents or using a file-sharing service, had the highest click-through rate at 19 percent. Consumer e-mails had the lowest rate at 10 percent.

Read the full report at info.wombatsecurity.com.

About the Author

Joshua Bolkan is contributing editor for Campus Technology, THE Journal and STEAM Universe. He can be reached at [email protected].

Featured

  • cloud, database stack, computer screen, binary code, and flowcharts interconnected by lines and arrows

    Salesforce to Acquire Data Management Firm Informatica

    Salesforce has announced plans to acquire data management company Informatica for $8 billion. The deal is aimed at strengthening Salesforce's AI foundation and expanding its enterprise data capabilities.

  • student reading a book with a brain, a protective hand, a computer monitor showing education icons, gears, and leaves

    4 Steps to Responsible AI Implementation

    Researchers at the University of Kansas Center for Innovation, Design & Digital Learning (CIDDL) have published a new framework for the responsible implementation of artificial intelligence at all levels of education.

  • teenager’s study desk with a laptop displaying an AI symbol, surrounded by books, headphones, a notebook, and a cup of colorful pencils

    Survey: Student AI Use on the Rise

    Ninety-three percent of students across the United States have used AI at least once or twice for school-related purposes, according to the latest AI in Education report from Microsoft.

  • consumer electronic devices—laptop, tablet, smartphone, and smart speaker—on a wooden surface with glowing AI icons hovering above

    OpenAI to Acquire Io, Plans Consumer AI Hardware Push

    OpenAI has announced plans to acquire io, an artificial intelligence hardware startup co-founded by former Apple design chief Jony Ive. The deal is aimed at creating a dedicated division for the development of AI-powered consumer devices.