The latest State of the Phish report from security firm Proofpoint examined global data from nearly 50 million simulated phishing attacks sent by Proofpoint customers over a one-year period - along with third-party survey responses from more than 600 information security professionals in Australia, the US, France, Germany, Japan, Spain, and the UK.
“Australian organisations must take an active approach to cybersecurity education. Criminals are constantly refining their attack methods, using sophisticated email lures, phone calls, and SMS to snare as many victims as possible,” said Crispin Kerr, Australian and New Zealand Country Manager for Proofpoint.
“Attackers do their homework, and their messages often seem personally relevant to recipients. Regular company-wide training is crucial to make sure staff can spot the warning signs and keep themselves and their organisation safe.”
Additional key Australian findings include:
- The research also uncovered that 63% of Australian companies provide company-wide cybersecurity training—highlighting the opportunity for increased user training to help combat cyberattacks in 2020.
- Cybercriminals are also using increasingly sophisticated methods to lure victims. 52% of Australian organisations experienced vishing, which sees criminals impersonating legitimate sources via phone calls, while 58% experienced smishing, which uses SMS as a channel to attack users.
- The report also showed that more than half (56%) of Australian organisations report that the rate of phishing attacks they observed either decreased or stayed the same in comparison to the previous 12 months, reflecting the new tendency of criminals to forgo high-volume attacks in favour of more targeted methods.
- Despite 79% of Australian organisations reporting a reduction in phishing susceptibility after the delivery of cybersecurity training, just over half (53%) conduct active cybersecurity training by way of simulated phishing attacks, one of the most effective ways of educating staff.