The Business Cost of Phishing report reveals organizations with 25 IT and security professionals are spending more than $1 million per year to handle phishing
ATLANTA, October 18, 2022 – IRONSCALES, the leader in AI-powered email security and the fastest growing email security company in the world, today announced the results of a new study conducted by Osterman Research to quantify the direct costs borne by organizations in mitigating phishing threats, and to explore expectations about how phishing will change over the next 12 months. The report includes survey responses from more than 250 IT and security practitioners.
The Business Cost of Phishing shows that IT and security teams spend one-third of their time handling phishing threats every week. Seventy percent of organizations spend 16-60 minutes dealing with a single phishing email message. On average, dealing with the threat of a single phishing email takes 27.5 minutes at a cost of $31.32 per phishing message. Most respondents expect the impact of phishing to get worse over the coming 12 months, with 67% expecting the time spent on phishing per week for IT and security teams to stay the same or increase.
“Organizations of all sizes and across all geographies continue to struggle with the impact of phishing attacks,” said Ian Thomas, vice president of Product Marketing at IRONSCALES. “This new report quantifies this impact in terms of the time and energy required to defend against the never-ending and ever-evolving onslaught of these attacks. It also reveals where practitioners feel these attacks will spread next.”
Key Findings
Phishing represents a significant threat to organizations. One-third of organizations indicate phishing is a “threat” or “extreme threat” due to the consequences, such as loss of account credentials, business email compromise and data theft.
The dynamics of phishing attacks are changing. Eighty percent of organizations state that various dynamics of phishing have worsened or remained the same over the past 12 months. These dynamics were the number of phishing attacks (82 percent increased or stayed the same), the sophistication of phishing attacks (80 percent) and the ability of phishing attacks to bypass current detection mechanisms (79 percent).
Concerns with characteristics of phishing threats. A diverse set of increasingly sophisticated phishing threats is causing “concern” or “extreme concern” for organizations, including the use of adaptive techniques to create unique attributes for each phishing message (51 percent), the use of compromised account credentials to hijack current email threads to send phishing threats (48 percent) and the use of advanced obfuscation techniques to hide phishing threats (48 percent).
Phishing is spreading to other tools. Almost half of the respondents state that phishing is spreading to tools beyond email, including messaging apps (57 percent), cloud-based file sharing platforms (50 percent) and text messaging services (49 percent).
Recommendations
- Gauge phishing awareness among employees using surveys and incorporate phishing material in future training materials to compensate for any knowledge gaps and reduce the susceptibility to these fraudulent emails.
- Use the principle of least privilege access to ensure that even if an employee’s account gets compromised, your attack surface is minimized by restricting access levels to only what’s necessary for job functions and duties.
- Use phishing simulation and training exercises to give employees practical opportunities to improve their ability to detect social engineering techniques common across various types of attacks.
- If you have a BYOD policy that allows employees to connect their smartphones to your corporate network and apps, update the policy to include specific tips and guidance for employees in ensuring they don’t fall victim to text-based scams.
About IRONSCALES
IRONSCALES is a leading email security company focused on fighting back against today’s modern phishing attacks. Our self-learning, AI-driven platform continuously detects and remediates advanced threats like Business Email Compromise (BEC), credential harvesting, Account Takeover (ATO) and more. We believe our powerfully simple email security solution is fast to deploy, easy to manage and keeps our customers safe. Founded in Tel Aviv, Israel in 2014 by alumni of the Israel Defense Force’s elite Intelligence Technology unit, IRONSCALES is headquartered in Atlanta, Georgia. We are proud to support thousands of customers globally with our award-winning, analyst-recognized platform. Visit www.ironscales.com and connect with us on LinkedIn to learn more.