Over the past few years, the number of anti-phishing solutions for enterprises has grown considerably. This is no surprise considering the volume of phishing emails now being used to target businesses. Phishing has become the leading strategy used by hackers and cybercriminals to gain access to corporate networks.
Phishing is not confined to email. Social media websites are also commonly used to spread phishing links, and hackers are compromising websites with increasing frequency and installing malicious code on them. Malicious adverts are also used by cybercriminals to drive traffic to bogus websites where drive-by malware attacks take place and criminals phish for sensitive information.
Fail to use any anti-phishing solutions and your employees will need to become experts at identifying phishing emails and malicious websites. Unfortunately, a recent study has shown that end users are not particularly good at identifying phishing emails. In fact, should a phishing email arrive in an employee’s inbox, it could be 50/50 as to whether that employee will respond.
Need for Robust Anti-Phishing Solutions for Enterprises Highlighted by Recent Phishing Report
A recent study of 400 companies conducted by PhishMe has produced some alarming figures. The company provides staff training to enterprises to help employees identify and avoid phishing emails. Training exercises were conducted that simulated phishing attacks. Over 4,000 fake phishing emails were sent to employees during the study. The company used numerous phishing templates that closely mirrored the phishing emails being sent by cybercriminals.
Phishing emails were sent requesting that recipients take action to update their computer software. Links to fake news stories were sent. Email recipients were sent special offers, and some emails mimicked office communications. The latter were found to have the highest overall response rates.
While many employees can identify a phishing email, when emails were sent with the subject “Unauthorized Access,” the average response rate across all industry sectors was 34%. When simulated phishing emails were sent with the subject “File from Scanner,” the average response rate was 36%.
However, some response rates were even higher. When the firm analyzed the results from failed package delivery phishing simulations, 49% of employees in the education industry were found to have responded to the emails. Agriculture and biotech/pharmaceutical company employees did not fare much better, with 41% of employees responding to the campaigns. In the telecoms and media sectors, the response rate was 37%.
The study showed just how likely it is for untrained employees to fall for phishing emails. If a similar campaign were launched by a cybercriminal, as many as 4 or more employees out of 10 may fall for the scam and install malware or disclose sensitive information.
What Anti-Phishing Solutions for Enterprises Should be Used?
The study highlighted the importance of conducting staff training to teach employees how to identify phishing emails, but training alone is insufficient. Employees must have their knowledge put to the test. Phishing simulation emails should be sent to employees and the more frequently knowledge is tested – and feedback provided – the better employees become at identifying phishing campaigns.
Anti-phishing solutions for enterprises should also be implemented to reduce the volume of phishing emails that reach employees’ inboxes. It pays not to place too much reliance on end users to always be able to identify phishing emails.
Implementing a robust spam filtering solution is therefore essential. Spam filtering solutions reduce the volume of phishing emails that are delivered to employee inboxes. If as many as 49% of employees have been shown to respond to phishing emails, a spam filtering solution is essential. SpamTitan blocks 99.9% of all email spam, which gives your organization more than a fighting chance of resisting phishing attacks.
Training staff how to identify a phishing email can reduce the likelihood of individuals responding to a scam; however, identifying malicious websites can be much harder, especially when websites are hosting exploit kits. It may be impossible to tell whether a site is probing the browser or plug-ins for security vulnerabilities.
To prevent drive-by malware attacks, a software solution is required. A web filtering solution such as WebTitan will provide protection from malicious websites, hijacked sites, and malvertising. Blocking access to websites known to host malware, and filtering the internet to prevent risky sites from being visited, will help you to reduce the risk of phishing attacks to a minimal level.
A recent Spiceworks survey of 200 IT security professionals revealed that 51% of organizations had suffered a malware incident and 38% had suffered a phishing attack in 2015. Fail to take any action to combat the risk from malware and phishing attacks and it is only a matter of time before your organization is attacked.