Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Friday, 3 February, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Phishing – the hook may be seen, but employees unlikely to report it!

by The Gurus
August 12, 2015
in Editor's News, News
Share on FacebookShare on Twitter

A survey of over 200 IT professionals at this year’s InfoSecurity Europe has found that, while almost 80% of organisations have a process for employees to report phishing emails to the IT/security department, most don’t. In fact, over half of those spoken with (52%) estimated employees report less than 25% of dodgy emails. Digging a little deeper revealed only 8% think that more than 75% of suspicious messages are reported.
This surprising statistic comes in the wake of countless recent phishing incidents surfacing in the media, with some incurring personal costs of almost £50,000. The study, conducted by Phish’d by MWR InfoSecurity – a fully managed phishing assessment service designed to maintain a heightened level of security awareness across an organisation, found that organisations are all too aware that email offers a passage into an organisations’  infrastructure with 64% believing it’s the weakest entry point that could result in the compromise of internal systems.
“I’m reassured by the high percentage of organisations that have a reporting process for phishing messages but somewhere along the line something is going wrong as employees simply aren’t using these reporting processes. The sad reality is that, while spam filters and anti-phishing software will prevent some of the nuisance messages landing in people’s inboxes, more targeted phishing messages are purposefully designed to avoid detection and usually get through to the intended recipient, even in companies using the latest technological controls. Ultimately, it comes down to employees to report targeted phishing attacks; so organisations need to ensure their workforce is educated and empowered enough to use the correct reporting process,” explains James Moore, senior security consultant of Phish’d.
James continues “Our experiences tell us that, if a phishing message does manage to coerce the individual into either clicking or downloading a payload, the malware it delivers will almost certainly slip in and then conceal itself. Once on the network, malware can allow an attacker to start spreading out across a network; turning the compromise of one users’ workstation into a much larger issue. Of course, the ideal is for users not to be tricked in the first place but, assuming someone will be fooled, if other colleagues have reported the message the IT team can at least be aware that something may have got in and start tracing other likely points of entry to contain the damage and eradicate the infection.”
Even companies that have effective tools for reporting scam e-mails tend not to train their employees how to spot them, as only 45% of the companies questioned during this survey regularly train their staff to spot friend from foe in their inboxes. Organisations are often quick to assure their clientele that they keep data secure and stringently maintain their defences against cybercriminals – however this survey highlights that even businesses that have plans and processes to prevent phishing being used as an attack vector, the lack of implementation weakens defences.
 
To find out more about Phish’d, visit https://www.phishd.com/

FacebookTweetLinkedIn
Tags: attackCyberCyber Securitydata breachDatabaseemailHackHackerhackinginformation securityinfosecinfosecurityITit securityMalwareMicrosoftMWRoutlookOWEPatchphish'dPhishingsecurityVulnerability
ShareTweetShare
Previous Post

How can businesses secure against unknown security threats?

Next Post

Dropbox introduces USB key verification for two-step login

Recent News

london-skyline-canary-wharf

Ransomware attack halts London trading

February 3, 2023
Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk

Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk

February 2, 2023
JD Sports admits data breach

JD Sports admits data breach

January 31, 2023
Acronis seals cyber protection partnership with Fulham FC

Acronis seals cyber protection partnership with Fulham FC

January 30, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information