Organizations are drowning in a sea of new sophisticated cyber threats. As suggested in SlashNext’s 2018 Phishing Survey, there is a serious underestimation of the gaps in protections against modern phishing attacks, particularly those that employ short-lived, zero-hour phishing sites.
The survey of 300 IT security decision-makers found that a surprising majority of respondents (95%) did not realize that phishing is at the start of over 90 percent of successful breaches. In fact, as technical security controls and processes improve, exploiting the human attack surface with phishing is becoming a more common and effective tactic to gain access to sensitive assets.
The survey also showed that most companies lack adequate safeguards against zero-hour phishing threats on the web. And while employee phishing awareness and training is cited as the most important phishing protection, the top concern with modern phishing threats is how they’re becoming more legitimate/genuine looking and difficulties in training employees to spot them.
More than 50% of respondents believe there is a growing number of phishing threats on the web and cite this as one of their top concerns. This indicates that most IT security pros are aware their employees are exposed to phishing threats both within email and beyond via ads, search results, pop-ups, social media, chat applications, rogue browser extensions and more. Regardless of what lures a victim to click on a malicious link or visit a malicious phishing site, teams are aware that a single mistaken click can open their companies up to costly data breaches or extortion attempts.
Nearly half of respondents believe their organization experiences more than 50 phishing attacks per month, and 14% believe they experience more than 500 phishing attacks per month. Many phishing attacks now employ short-lived phishing sites, with most lasting just a few hours. As a previously unknown threat, they evade existing security controls and most organizations are left in the dark when it comes to understanding their exposure to modern phishing tactics and in evaluating what solutions are needed to keep employees protected.
The survey was conducted by Survata and was taken by 300 IT security decision-makers in mid-sized firms in the United States in September 2018. For more survey statistics view our Phishing in the Dark infographic and the full report with details of the survey responses.