More than half of companies (54%) continue to face phishing emails on a regular basis, and are looking beyond employee training to find the best solution, according to a report from IronScales, a security firm that offers phishing tools.
The report surveyed 300 security professionals at the recent Infosecurity London conference. When asked how prepared their organization is to deal with email phishing on a scale of one to 10, 44% rated their company as a seven or less. Among the problems were that 35% of organizations said they do not have an email address or a report button for employees to send suspicious messages to, the report found.
Phishing presents a number of problems to security teams, the report found. Some 55% of security pros surveyed said the time it takes to to detect phishing messages was the greatest challenge facing their team, while 24% said performing email forensics on messages received was the largest threat. Another 18% named removing malicious messages from mailboxes as the biggest issue.
SEE: Incident response policy (Tech Pro Research)
Security teams are looking for different solutions to fight phishing, the report found, with 38% reporting looking for a combination of automated email forensics, mitigation, and remediation, including AI solutions that can verify phishing emails. But automation is not the only answer: 95% of security pros agreed that humans and technology should work together to better detect and respond to sophisticated email phishing attacks.
Still, challenges on the human side remain. More than three-quarters (76%) of security professionals said their organization trains employees to recognize phishing emails. But less than half said that phishing click rates had dropped as a result of these training programs.
“On average, it takes just 82 seconds between a phishing email passing through the gateway and the first user interacting with the rogue message,” Eyal Benishti, IronScales founder and CEO, said in a press release. “This survey makes it abundantly clear that while phishing is high on everyone’s radar, organizations continue to struggle to expeditiously deflect the threats posed by email borne attacks.”
The big takeaways for tech leaders:
- 54% of companies face phishing emails on a regular basis. — IronScales, 2018
- 95% of security professionals said that humans and technology should work together to better detect and respond to sophisticated email phishing attacks. — IronScales, 2018