Risk
11/4/2013
03:27 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

ThreatSim's State Of The Phish Finds Most Organizations Do Not Recognize Phishing As A True Threat

The key finding: most organizations (57%) rate phishing as a 'minimal' impact threat

HERNDON, VA--(Marketwired - Nov 4, 2013) - ThreatSim, the leading innovator of simulated phishing training and awareness solutions, today announced key findings for its 2013 State of the Phish awareness index, gauging phishing training, awareness and readiness among 300 IT executives, administrators and professionals in organizations throughout the United States.

The key finding: most organizations (57%) rate phishing as a 'minimal' impact threat (resulting in investigation and account resets), while one in four respondents (27%) reported phishing attacks that led to a 'material' breach within the last year. The survey defined 'material' as some form of malware infection, unauthorized access and lost/stolen data from a breach tied to phishing.

"While material impacts from phishing attacks can cause more damage and headlines, our customers report the cumulative effects from 'minimal' impact events are daily challenges," said ThreatSim CEO Jeff LoSapio. "There is a 'nuisance factor' in which investigations are launched, accounts reset, and staff are unable to work as their laptop is cleaned. The opportunity cost is huge especially for medium size companies where up to 50% of time in a week can be spent handling these 'minimal' impact fire drills. Reducing end user susceptibility to phishing attacks has a direct impact on reducing IT cost and increasing the security team's productivity."

The weekly headlines show that phishing continues to be one of the most active, growing and consistent threat vectors, and State of the Phish findings show most organizations are still not proactive or taking an effective stance to train end users on how not to get phished. The majority (69%) are using ineffective techniques including email notifications, webinars, and in person training.

While sixty percent (60%) of all respondents reported phishing attacks targeting their organization were increasing each year, only 10% are using phishing simulation to train their users, a technique that has proven to reduce users' click rates by up to 80%.

Other key findings from the index include:

· 30% of all respondents plan to increase budget for security training and awareness in 2014.

· 60% of all respondents see the rate of phishing increasing each year.

· 70% of all respondents reported not measuring their organization's exposure to phishing.

· Out-of-date 3rd party software on desktops should be viewed as another critical threat vector. The index found 44% of all respondents are not formally managing 3rd party software, representing a weakness in organizational ability to prevent damage associated with phishing attacks.

"Phishing simulation is proven to be the most effective means to educate end users and reduce susceptibility to phishing attacks," LoSapio said. "While budgets are increasing for thirty percent of all respondents, sadly fewer than ten percent are using this successful technique."

State of the Phish surveys were completed double blind and transmitted electronically via a third-party survey service between Sept. 26 and Oct. 4, 2013. To download the complete key findings and methodology report, including a special report featuring ThreatSim consolidated customer trending data during 2013, visit http://threatsim.com/resources/2013-state-of-the-phish/.

ThreatSim customers, including a top 10 mutual fund firm, a top three U.S. utility and one of the largest government defense contractors, have achieved up to an 80% reduction in the rate of employees who click on phishing e-mail messages. Available in 11 languages and country themes, ThreatSim simulations are extremely realistic, coupled with effective training content that equips employees with the skills to identify and avoid phishing attacks. ThreatSim is a secure hosted Software-as-a-Service that requires no installation or configuration.

About ThreatSim

ThreatSim is the leading innovator of simulated phishing defense training and awareness solutions. Headquartered in Herndon, Va., outside Washington, D.C., ThreatSim delivers highly-scalable, feature-rich, SaaS-based phishing and advanced threat training campaigns that measurably lower organizational risk exposure. ThreatSim customers include large commercial enterprises, SMBs, government organizations and academic institutions. Request a demo, visit www.threatsim.com and follow @ThreatSim.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2886
Published: 2014-09-18
GKSu 2.0.2, when sudo-mode is not enabled, uses " (double quote) characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an untrusted substring within this argument, as demonstrated by an untrusted filename encountered during ins...

CVE-2014-4352
Published: 2014-09-18
Address Book in Apple iOS before 8 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID.

CVE-2014-4353
Published: 2014-09-18
Race condition in iMessage in Apple iOS before 8 allows attackers to obtain sensitive information by leveraging the presence of an attachment after the deletion of its parent (1) iMessage or (2) MMS.

CVE-2014-4354
Published: 2014-09-18
Apple iOS before 8 enables Bluetooth during all upgrade actions, which makes it easier for remote attackers to bypass intended access restrictions via a Bluetooth session.

CVE-2014-4356
Published: 2014-09-18
Apple iOS before 8 does not follow the intended configuration setting for text-message preview on the lock screen, which allows physically proximate attackers to obtain sensitive information by reading this screen.

Best of the Web
Dark Reading Radio