Australian businesses are more likely to be vulnerable to phishing attacks and data loss than their international counterparts, a new report has found.
Proofpoint’s global State of the Phish 2019 report compiled and analysed data from tens of millions of simulated phishing emails, compared and contrasted activities and results from organisations and employees across 16 industries, and surveyed nearly 15,000 infosec professionals.
It found that effective phishing attacks are on the rise, and Australians are particularly vulnerable to account compromise and data loss as a result of these hacks.
A phishing attack is an attempt to make a user click a malicious link sent via email that compromises their sensitive data and personal information.
According to the report, APAC users are five times more likely than other countries around the world to experience 26 or more smishing attacks (phishing conducted over text messages) and vishing attacks (phishing conducted over voice) per quarter.
It also found that compared to North America, APAC respondents to the survey were twice as likely to face more than 26 spear phishing attempts (targeted phishing attacks) quartley.
Proofpoint Asia-Pacific VP Tim Bentley said Australian companies are increasingly vulnerable to these types of attacks, and more needs to be done to educate all employees of the risks and necessary safety precautions.
“Australian organisations are battling an ever-changing and persistent threat landscape aimed at compromising employees to gain access to sensitive company data,” Bentley said.
“It is critical that organisations establish a people-centric security strategy that prioritises continuous employee education about social engineering threats and regular testing through simulated phishing attacks.”
The report recommends that Australian companies educate their employees on the dangers of cyberattacks at a fundamental level, simplify reporting and remediation, make it easier to report suspicious activities and emails, and get to know their “very attacked people” – the most vulnerable people in the organisation.
Across the world, the report found that phishing attacks are on the rise, with 83 percent of infosecurity respondents saying there were impacted by these attacks in 2018, up from 76 percent in 2017.
Cyber attackers are increasingly turning their attention to target individuals rather than “technical defences”, the report found.
“Attackers are adept at exploiting our natural curiosity, desire to be helpful, love of a good bargain and even our time constraints to persuade us to click,” it said.
Proofpoint general manager of security awareness training Joe Ferrara said individuals in companies with access to highly sensitive data are the most targeted by these attacks.
“Email is the top cyber attack vector, and today’s cybercriminals are persistently targeting high-value individuals who have privileged access or handle sensitive data within an organisation,” Ferrara said.
“As these threats grow in scope and sophistication, it is critical that organisations prioritise security awareness training to educate employees about cybersecurity best practices and establish a people-centric strategy to defend against threat actors’ unwavering focus on compromising end users.”
From April 1 to June 30, 242 data breaches had been reported on the Notifiable Data Breaches scheme quarterly report. Of these, 29% (70) were a result of compromised credentials due to phishing.