IRONSCALES, the automated phishing prevention, detection and response platform, has announced the results of a recent survey of security professionals at Infosecurity London, Europe’s largest information security conference, drawing 15,000 attendees from around the world. During the three-day event, IRONSCALES interviewed 300 security professionals from end user organizations across industries who had IT security as part of their job title.
Upon analysis of the responses, the survey uncovered three common themes:
- Although anti-phishing is a priority, malicious messages both with and without payloads continue to plague the vast majority of businesses.
- Phishing emails remain a primary burden to SOC teams, consuming much of their time with manual email forensics and remediation.
- Despite substantial investment, phishing awareness training is not equating to a significant decrease in clicks.
(TOP: An example of a phishing message. Photo: Lenny Zeltser).
Specific takeaways from the survey include:
- 54% of organizations confirm that their company continues to be plagued by phishing emails on a regular basis
- 85% of respondents said that employees need better inbox tools to detect sophisticated phishing emails
- When asked how prepared their organization is to deal with email phishing, on a scale of 1 – 10 (with 10 being very effective):
  - 44% rated their organization a seven or less
- 35% of organizations do not have an email address or a ‘report button’ for employees to share suspicious messages with
- 55% of organizations cited the time to detect phishing messages as the greatest challenge facing their SOC/Security teams
- 24% said performing email forensics on messages received was the greatest threat
- 18% said removing malicious messages from mailboxes was the greatest threat
- 94% agreed that automating the SOC teams’ manual processes from attack detection to response would greatly reduce the amount of damage that can be inflicted on the company
- 38% of organizations reported looking for a combination of automated email forensics, mitigation and remediation, such as in-mail banner alerts that would warn users a message may be fraudulent, human-verified phishing intelligence that they could act on, and help from AI solutions that could help predict unknown or unverified phishing emails
- 95% agreed that humans and technology should work side by side in order to better detect and respond to sophisticated email phishing attacks
Phishing Awareness Training Challenges
- 76% of organizations claim to train employees to spot phishing emails
- Less than 50% said that click rates had dropped as a result of employing awareness and training programs.
- 25% confessed that they ‘Didn’t Know’ if click rates had fallen
- When asked how effective phishing awareness training programs are, on a scale of 1 – 10 (with 10 being very effective):
  - 60% rated them at a 7 or less
“On average, it takes just 82 seconds between a phishing email passing through the gateway and the first user interacting with the rogue message,” said Eyal Benishti, IRONSCALES founder and CEO. “This survey makes it abundantly clear that while phishing is high on everyone’s radar, organizations continue to struggle to expeditiously deflect the threats posed by email-borne attacks. In today’s threat landscape, businesses simply cannot afford to rely on phishing awareness training or overburdened SOC teams when neither are getting the job done. That’s why the IRONSCALES platform was purposefully built in recognition of the reality that phishing mitigation requires humans and machines to consistently work together to defeat the phish.”
The IRONSCALES advanced phishing threat protection platform seamlessly integrates with G-Suite and Microsoft Office365 environments. It was specifically built to automatically prevent, detect and respond to spear-phishing, business email compromise and other sophisticated email phishing attacks that now easily evade secure email gateways and other email security tools. Its automated and multi-layered approach combines:
1. Micro-learning phishing simulation and awareness training to qualify human phishing sensors (IronSchool)
2. Advanced Mailbox-Level Anomaly Detection (IronSights)
3. Automated Phishing Email Incident Detection & Response (IronTraps)
4. Real-time Actionable P2P Phishing Intelligence Sharing (Federation)
(From IRONSCALES blog).