Phishing attacks continue to threaten organizations’ digital security in droves. Kaspersky Lab prevented 46,557,343 phishing attempts in the second quarter of 2017 alone. Overall, close to one in ten (8.26%) of Kaspersky users encountered a phishing attack that quarter.

Recognizing the prevalence of phishing, it’s useful to examine the granular details of this attack method. Doing so can help organizations better train their employees and safeguard their sensitive data. Towards those ends, we turn to Wombat Security’s State of the Phish™ Report.

Now in its fourth year, the State of the Phish™ Report (PDF) synthesizes many data sets. First, it reflects the simulated phishing campaign data collected between 1 October 2016 and 30 September 2017 from thousands of companies spread across 16 industries. Second, it draws upon more than 10,000 information security professionals’ responses to quarterly surveys about their organizations’ experiences with phishing. Finally, it incorporates a third-party phishing awareness study of more than 3,000 users in the United States, United Kingdom, and Germany.

Here are some of the major findings from State of the Phish™ Report 2018.

Findings and Factors

In Wombat Security’s latest report, 76% of information security professionals revealed that their organization experienced phishing attacks in 2017, a percentage which held steady from 2016. Those campaigns consisted of different phishing variations. For instance, forty-five percent of quarterly survey respondents reported vishing and smishing offensives during the year, representing a slight increase over the previous year. Additionally, the number of infosec professionals whose organizations weathered a USB-based social engineering attack declined by a quarter from 2016 to three percent. Finally, more than half (53%) of respondents witnessed spear phishing attacks in 2017, as compared to the 66% of professionals who did so in 2016.

Organizations saw an average click rate of 9% across all simulated (Read more...)