Key findings include:
Spear phishing is an increasingly serious threat: Half of all respondents (51%) believe that, in the past year, their organization was targeted by a phishing email designed specifically to compromise their own users. Another 31% do not believe they were the target of such an attack and 18% reported they did not know.
Larger organizations are more susceptible to phishing attacks: Among organizations with 1,000 or more email users, more than half of respondents (56%) believe their organizations were targeted by a spear phishing attack. Of this group, 27% do not believe they were the target of a spear phishing attack and 17% reported they did not know. Comparatively, organizations with fewer than 1,000 email users reported fewer spear phishing attacks—42% believe they had been targeted, 39% did not and 19% didn’t know.
Spear phishing attacks are often the root cause of security breaches: More than one third (34%) of respondents who reported experiencing a spear phishing attack in the past year (17% of all respondents) believe that attack resulted in the compromise of user login credentials (e.g., usernames/passwords) or unauthorized access to corporate IT systems.
Outbound email reported as the greatest source of data loss risk: Asked which of five risk vectors—outbound corporate email, social media, lost or stolen mobile devices, and online file sharing/collaboration and short messaging services—they felt posed the greatest risk of data loss to their organizations, respondents chose outbound email by a small margin.
Results are as follows:
- 22% feel outbound email sent from their organizations is the greatest source of data loss risk
- 19% feel that online file sharing/collaboration solutions (e.g., services such Dropbox, Box and others) are the greatest source of data loss risk
- 18% feel lost or stolen mobile devices are the greatest source of data loss risk
- 17% feel postings to social media sites (e.g., Facebook, LinkedIn) represent the greatest source of data loss risk
- 3% feel that short messaging services (e.g., Twitter, SMS text messaging) are the greatest source of data loss
- 21% of respondents say they “don’t know” which vector poses the most risk.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.