Products & Releases

One-Quarter Of Worldwide Population At Risk Of Spear Phishing Attacks: Report

Intrepidus Group also finds 60% of corporate employees who were spear phishing targets responded to phishing emails within three hours of receiving them
New York, NY. " March 9, 2009 " Intrepidus Group, a leading provider of information security solutions, today announced initial findings of a research study on the worldwide vulnerability to spear phishing attacks. The Intrepidus Group study was drawn on data from 32 phishing scenarios against a total of 69,000 employees around the world. Key findings of the study include: 23% of people worldwide are vulnerable to targeted/spear phishing attacks.

Phishing attacks that use an authoritative tone are 40% more successful than those that attempt to lure people through reward-giving.

Men and women are both equally susceptible to phishing.

On an average 60% of corporate employees that were found susceptible to targeted spear phishing responded to the phishing emails within three hours of receiving them.

People are less cautious when clicking on active links in emails than when they are requested for sensitive data.

"Our research shows that nearly a quarter of the worldwide corporate workforce is vulnerable to spear phishing attacks"despite the fact they received conventional user awareness training," said Rohyt Belani, leading security expert and CEO of Intrepidus Group. "When you consider organizations that have thousands of employees, each susceptible person that works for that organization can put their corporate data at significant risk. Every organization needs to educate their employees on how to identify and thwart attacks before they fall victim to these increasingly more aggressive cyber crime schemes." Detailed results of the new study will be unveiled by Intrepidus Group CEO, Rohyt Belani in his session, "Why Phishing Schemes Work and How to Thwart Them," during InfoSec World Conference and Expo 2009, Disney Coronado Resort, Orlando, Fla. on March 9, 2009 at 3:45 p.m. About PhishMe PhishMe is a software-as-a-service (SaaS) solution designed to help prevent damage, theft and loss caused by targeted (spear) phishing attacks. PhishMe facilitates and automates the execution of mock phishing exercises against employees, provides clear and accurate reporting on user behavior, and most importantly provides instant, targeted employee training. This method of delivering training materials is recommended by SANS and found to be most effective by researchers at Carnegie Mellon University. About Intrepidus Intrepidus Group is a leading provider of information security consulting services and software solutions. With offices in New York City and the Washington DC metro area, the company offers innovative solutions to help clients build employee awareness around common information security issues. Intrepidus Group's consultants also conduct hands-on assessments of critical applications, networks and products to uncover vulnerabilities, and provide strategic and tactical recommendations to address identified issues.

Editors' Choice
Jai Vijayan, Contributing Writer, Dark Reading
Kelly Jackson Higgins 2, Editor-in-Chief, Dark Reading