Security Market Segment LS
Monday, 08 February 2021 21:06

Phishing still a problem, says Proofpoint

By
Proofpoint ANZ area vice president Crispin Kerr Proofpoint ANZ area vice president Crispin Kerr

Security company Proofpoint's seventh annual State of the Phish report reveals that nearly three-quarters (74%) of surveyed infosec professionals in Australia said their organisations faced broad-based phishing attacks in 2020.

In addition to phishing, ransomware is still another significant problem with two-thirds of Australian survey respondents saying their organisations were affected.

User training – or the lack of it – could be part of the problem.

While 80% of Australian survey respondents said their workforce shifted to working from home in 2020, only 32% said they trained users on safe remote working.

For example, "42% of Australian workers say they allow their friends and family to access work-issued devices to check emails, use social media, shop online, play games, and other activities," said Proofpoint ANZ area vice president Crispin Kerr.

"Although this is an improvement from what our survey showed a year ago – where 51% of Australian workers allowed such activities in their work-issued devices – these ongoing gaps still represent a very significant risk and reinforce the need for security awareness training initiatives that are tailored to the remote workforce,” he added.

According to Kerr, email remains the top threat vector in Australia – and globally, for that matter, so it is critical to train users how to spot and report attempted cyberattacks, especially when working remotely.

"While many organisations in Australia say they are delivering security awareness training to their employees, our data shows most are not doing enough,” he said.

On the subject of ransomware, 67% of Australian infosec professional respondents said their organisations were victim of a ransomware infection in 2020 as a result of successful phishing attacks, up from 54% the year before. This is well above the global average of 47%.

Among the Australian organisations that paid the ransom, only 50% received their data back after the first payment. Another 43% got hit with follow-up ransom demands that they agreed to pay, eventually regaining access to their data.

Training does appear to pay off: 86% of surveyed Australian organisations surveyed said security awareness training has reduced phishing susceptibility. However, only 68% offer formal training sessions to users as part of cybersecurity training initiatives.

Around a quarter of Australian organisations rely solely on using simulated phishing tests. The 'big stick' is also being wielded, as half of the local infosec survey respondents said their organisation punishes employees who regularly fall for real or simulated phishing attacks.

That doesn't just mean additional training. 76% said measures include counselling from the infosec team, 72% use disciplinary actions such as a written warning enforced by HR, and 64% use it as a negative factor during yearly performance reviews.

Given some previous findings that repeated training does not make much difference to the likelihood of the unwanted behaviour being repeated, it is interesting to note that 88% said a consequence model led to an improvement in employee awareness.

Part of the problem could be that while 59% of Australian workers know they should be suspicious of all unsolicited emails, 22% of Australian workers think their organisations will automatically block all dangerous messages.

So it seems that both skill and technology improvements are still needed.

The 2020 State of the Phish Report is available here (registration required).


Subscribe to ITWIRE UPDATE Newsletter here

GRAND OPENING OF THE ITWIRE SHOP

The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.

ENTER THE SHOP NOW!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
Stephen Withers

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments