According to the 2017 Black Hat Portrait of an Imminent Cyberthreat survey of 580 IT security professionals, phishing and social engineering are the greatest concerns (50%), and ransomware is considered the most serious ‘new threat’ (36%).
Other findings included:
- 45% were concerned by sophisticated attacks directly targeting their organization.
- 21% believed accidental data leaks by end users who failed to follow security policies would be a great concern.
- 38% said that the weakest link in IT defences would be end users who violate security policies and are easily fooled by social engineering attacks.
- 35% admitted that phishing and other social engineering attacks take up a great amount of time.
- 39% admitted to fearing cyber attackers who had inside knowledge of their organization.
Only 29% believed that they had enough security staff to defend themselves against current threats, 3 percentage points up on 2016. Just 42% believed that their organization had a sufficient security budget available to protect themselves against current threats, up 5 percentage points on 2016. Although these figures are still low, the small improvement compared to 2016 is encouraging.
The most commonly cited reason for failing IT security strategies was a shortage of qualified people and skills (31%), followed by a lack of commitment and support from senior management (19%) and a lack of integration in security architecture (19%).
It is apparent that senior management needs to equip security professionals with the resources required to effectively maintain a security strategy. Resources are needed to expand the security team, build on the security team’s skills, improve employee awareness of potential threats (as end users are a key concern), and reinforce employee knowledge of internal information security policies.
Spam filters aren’t enough
With phishing attacks increasing in both volume and sophistication, it is important to remain vigilant at all times. Email succeeds as an attack vector at least partly because people put too much faith in email security systems. Given the sheer volume of malicious email sent every day and how quickly criminals’ techniques evolve, it is unreasonable to expect a filter to catch every malicious message; some will always reach an inbox. The most important line of defence is therefore the person who receives the email. If you are able to identify a malicious email and respond properly, by not clicking, not replying and reporting it, you can mitigate the danger.
Our Phishing Staff Awareness Course uses real-life examples, tips, and best practice to help staff protect themselves and their organization against malicious emails. By enrolling your employees on this course, you will:
- Alert them to the risks of clicking on suspicious links
- Educate them on phishing and how it works
- Reduce the risk of cyber attacks in your organization
- Help them identify a phishing scam and warn colleagues so that others avoid it too
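The tells a recipient is asked to check by eye can also be expressed as code. The following is an added example written for this edit; it is not part of the original article or of the awareness course it advertises, and the message it inspects is constructed, with every address and domain a reserved example name. It flags three structural indicators: a Reply-To domain that differs from the From domain, a link whose visible text is a URL for a different host than its real target, and a link that points at a raw IP address.

```python
"""Structural phishing indicators in a raw email message.

Added example, not part of the original article or its course material.
SAMPLE_EMAIL is constructed for illustration; all domains are reserved
example names, not real senders.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the display name and the visible link text impersonate
# acme-bank.example, while Reply-To and the real link target point elsewhere.
SAMPLE_EMAIL = """\
From: "Acme Bank Security" <alerts@acme-bank.example>
Reply-To: support@acme-bank-verify.test
To: user@corp.example
Subject: Action required: confirm your account
Content-Type: text/html; charset=utf-8

<html><body>
<p>We noticed a login from a new device. Please confirm your identity at
<a href="http://203.0.113.7/login">https://www.acme-bank.example/login</a>
within 24 hours.</p>
<p>Questions? See <a href="https://www.acme-bank.example/help">our help pages</a>.</p>
</body></html>
"""

_IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
# Visible anchor text that itself looks like a URL or bare hostname.
_LOOKS_LIKE_URL = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/|$)", re.I)


class _LinkCollector(HTMLParser):
    """Collects (visible_text, href) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def _registered(host):
    """Crude registered-domain approximation: the last two labels, lowercased."""
    return ".".join(host.lower().split(".")[-2:])


def _link_host(url):
    return (urlparse(url).hostname or "").lower()


def phishing_indicators(raw):
    """Return human-readable indicators found in a raw RFC 5322 message.

    These are tells a recipient can check by eye; an empty list means
    'nothing obvious here', not 'safe'.
    """
    msg = message_from_string(raw)
    findings = []

    _, from_addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    from_dom = _registered(from_addr.rsplit("@", 1)[-1])
    if reply_to:
        reply_dom = _registered(reply_to.rsplit("@", 1)[-1])
        if reply_dom != from_dom:
            findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")

    body = ""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            payload = part.get_payload(decode=True)
            body = payload.decode(part.get_content_charset() or "utf-8", errors="replace")
    collector = _LinkCollector()
    collector.feed(body)

    for text, href in collector.links:
        host = _link_host(href)
        if _IPV4.match(host):
            findings.append(f"link to raw IP address {host}")
        if _LOOKS_LIKE_URL.match(text):
            shown = _link_host(text if "://" in text else "http://" + text)
            if shown and _registered(shown) != _registered(host):
                findings.append(f"link text shows {shown} but points to {host}")
    return findings


if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE_EMAIL):
        print("-", finding)
```

None of these indicators is proof on its own (a Reply-To that differs from From is normal for many mailing lists), which is exactly why the section above leaves the final judgement with the recipient: the code surfaces what to look at, and a person decides whether to click, reply or report.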