Phishing Attacks Down 10 Percent in 2016

Information security professionals are 10 percent less likely to report that their organization was the victim of a phishing attack in 2016 than in 2015, though that still means three-quarters of organizations were targeted and half of that same group said phishing attacks are on the rise, according to the latest State of the Phish report from Wombat Security Technologies.

The report found a 64 percent increase in the number of organizations measuring the risk posed by end users. The company also reported that it had examined more simulated phishing e-mails than in the previous year and found that click rates are improving for many industries and for organizations with mature programs.

"Our survey of the general public revealed that more people are aware of the concept of phishing than most of us probably thought," according to the report. "However, these same people struggled to identify what ransomware is. These end users also showed that they put their organizations at risk by doing things like checking personal e-mail on their work devices. Overall, this survey points to the fact that there is work to be done to teach people how to stay safe."

The report is based on "tens of millions of simulated phishing e-mails sent over a 12-month period," according to information released by Wombat, plus more than 500 survey responses from security professionals around the world representing more than 16 industries, as well as a survey of more than 1,000 end users worldwide.

Other key findings of the report include:

  • Users in the education industry were more likely to fall for phishing e-mails that appeared to be corporate communications, clicking through on these phishing attempts at a 30 percent rate — double the general population average of 15 percent;
  • In the United States, 65 percent of survey respondents correctly answered the question, "What is phishing?" In the United Kingdom, 72 percent of respondents answered correctly;
  • 44 percent of infosec professionals surveyed said their organization was the target of a phishing attack via phone call or SMS message, a decrease of 20 percent compared to 2015;
  • 38 percent of respondents said phishing had caused a disruption to employee activities and 27 percent said phishing had led to a malware infection;
  • 41 percent of respondents said they measure the cost of phishing through loss of proprietary information and 35 percent said they measure the loss of employee productivity;
  • Only 34 percent of end users surveyed in the US correctly answered the question, "What is ransomware?" UK respondents did only slightly better at 38 percent;
  • Among security professionals surveyed, 34 percent said their organization had been attacked with ransomware and 2 percent of those who said they were attacked told researchers they had paid the ransom;
  • 61 percent of respondents said their organization had been attacked via spear phishing, or a phishing attack targeted to a specific individual, a decrease of 10 percent compared to 2015;
  • In the US, 50 percent of end users surveyed said they check personal e-mail on their work computer and 49 percent said they check work e-mail on their mobile phone;
  • E-mail and spam filters are the most commonly reported phishing protection, at 94 percent, a decrease of 5 percent from 2016;
  • Advanced malware analysis came in second at 63 percent, an increase of 26 percent compared to 2015; and
  • Cloud e-mails, such as those asking end users to download documents or using a file-sharing service, had the highest click-through rate at 19 percent. Consumer e-mails had the lowest rate at 10 percent.

The full report can be found at info.wombatsecurity.com.

About the Author

Joshua Bolkan is contributing editor for Campus Technology, THE Journal and STEAM Universe. He can be reached at [email protected].

Featured

  • AI toolbox containing a wrench, document icon, gears, and a network symbol

    Common Sense Media Releases Free AI Toolkit, AI Readiness & Implementation Guides

    Common Sense Media has developed an AI Toolkit for School Districts, available to educators free of charge, that provides guidelines and resources for implementing AI in education.

  • elementary school building with children outside, overlaid by a glowing data network and transparent graphs

    Toward a Holistic Approach to Data-Informed Decision-Making in Education

    With increasing access to data and powerful analytic tools, the temptation to reduce educational outcomes to mere numbers is strong. However, educational leadership demands a more holistic and thoughtful approach.

  • three silhouetted education technology leaders with thought bubbles containing AI-related icons

    Ed Tech Leaders Rank Generative AI as Top Tech Priority

    In a recent CoSN survey, an overwhelming majority of ed tech leaders (94%) said they see AI as having a positive impact on education. Respondents ranked generative AI as their top tech priority, with 80% reporting their districts have gen AI initiatives underway, or plan to in the current school year.

  • AI-powered individual working calmly on one side and a burnt-out person slumped over a laptop on the other

    AI's Productivity Gains Come at a Cost

    A recent academic study found that as companies adopt AI tools, they're not just streamlining workflows — they're piling on new demands. Researchers determined that "AI technostress" is driving burnout and disrupting personal lives, even as organizations hail productivity gains.