Proofpoint, Inc. released its seventh annual State of the Phish report, which explores enterprise phishing experiences and provides an in-depth look at user awareness, vulnerability, and resilience. More than 75% of surveyed infosec professionals said their organizations faced broad-based phishing attacks—both successful and unsuccessful—in 2020, and ransomware infections impacted 66% of third-party global survey respondents.
This year’s State of the Phish report examines global third-party survey responses from more than 600 information security professionals in the U.S., Australia, France, Germany, Japan, Spain, and the UK, and highlights third-party survey findings of 3,500 working adults within those same seven countries. The report also analyzes data from more than 60 million simulated phishing attacks sent by Proofpoint customers to their employees over a one-year period, along with approximately 15 million emails reported via the user-activated PhishAlarm reporting button.
“Threat actors worldwide are continuing to target people with agile, relevant, and sophisticated attacks and email remains the top threat vector. As work from home continues for many organizations across the Middle East, it is important for people to understand how to spot and report attempted cyberattacks,” said Emile Abou Saleh, Regional Director, Middle East, and Africa for Proofpoint. “At the end of the day, remote working can often mean that you are not protected by the same safeguards your office has in place”, he concluded.
Proofpoint’s State of the Phish report emphasizes the need for a people-centric approach to cybersecurity protections and awareness training that accounts for changing conditions, like those experienced by organizations throughout the pandemic. Survey findings reveal a lack of tailored training. For example, 82% of infosec survey respondents said their workforce shifted to working from home in 2020, yet only 30% trained users on safe remote working.
Proofpoint’s State of the Phish details actionable advice as well as a deep analysis of the phishing threat landscape to help reduce risk. Key global findings include:
“Social engineering attacks go beyond email as attackers use social media, text messages and even voicemail to trick users. Organizations in the Middle East need to remain alert and foster a strong security culture among its employees through effective and ongoing security awareness training underpinned by a human-centric cybersecurity approach”, added Abou Saleh.
Organizations are encouraged to proactively develop people-centric cybersecurity strategies that account not only for shared experiences across regions, industries, and departments, but also the threats that are unique to their missions, goals, and people.