Browse archive

Latest news

Experts highlight top data breach vulnerabilities

Review: Logging and Log Management

Commission wants to minimize U.S. IP theft economic impact

NYPD detective accused of hiring email hackers

Why BYOx is the next big concern of CISOs

Free tool repairs critical Windows configuration vulnerabilities

Guantanamo cuts off Wi-Fi access due to OpGTMO

IT pros focus on cloud security, not hype

Blue Coat to acquire Solera Networks

APT1 is back, attacks many of the initial U.S. corporate targets

Aurora attackers were looking for Google's surveillance database

U.S. DOJ accuses journalist of espionage

Find TrueCrypt and BitLocker encrypted containers and images

The CSO perspective on healthcare security and compliance

Hacking charge stations for electric cars

Spear phishing targets one in two organizations

Posted on 19 July 2012.

Proofpoint announced findings from a survey of security IT enterprise decision makers, about email and information security trends.

Key findings include:

Spear phishing is an increasingly serious threat: Half of all respondents (51%) believe that, in the past year, their organization was targeted by a phishing email designed specifically to compromise their own users. Another 31% do not believe they were the target of such an attack and 18% reported they did not know.

Larger organizations are more susceptible to phishing attacks: Among organizations with 1,000 or more email users, more than half of respondents (56%) believe their organizations were targeted by a spear phishing attack. Of this group, 27% do not believe they were the target of a spear phishing attack and 17% reported they did not know. Comparatively, organizations with fewer than 1,000 email users reported fewer spear phishing attacks—42% believe they had been targeted, 39% did not and 19% didn’t know.

Spear phishing attacks are often the root cause of security breaches: More than one third (34%) of respondents who reported experiencing a spear phishing attack in the past year (17% of all respondents) believe that attack resulted in the compromise of user login credentials (e.g., usernames/passwords) or unauthorized access to corporate IT systems.

Outbound email reported as the greatest source of data loss risk: Asked which of five risk vectors—outbound corporate email, social media, lost or stolen mobile devices, and online file sharing/collaboration and short messaging services—they felt posed the greatest risk of data loss to their organizations, respondents chose outbound email by a small margin.

Results are as follows:

22% feel outbound email sent from their organizations is the greatest source of data loss risk
19% feel that online file sharing/collaboration solutions (e.g., services such Dropbox, Box and others) are the greatest source of data loss risk
18% feel lost or stolen mobile devices are the greatest source of data loss risk
17% feel postings to social media sites (e.g., Facebook, LinkedIn) represent the greatest source of data loss risk
3% feel that short messaging services (e.g., Twitter, SMS text messaging) are the greatest source of data loss
21% of respondents say they “don’t know” which vector poses the most risk.

More than 330 survey participants submitted their answers via a web-based survey at Proofpoint’s booth at the Microsoft TechEd 2012 conference (June 2012). More than half of respondents were from organizations with 1,000 or more email users. Approximately 99% of respondents held security, risk management/compliance, CIO/CTO/CSO/CISO or other IT job roles, while 1% held academic roles. All respondents considered in these statistics demonstrated familiarity with their organizations’ email security solutions.