EdgeWave, a leading firm providing protection against email account takeover and other social engineering attacks, released a new report entitled “How to Fight the Phishing Epidemic and Win”. The report provides new data to enterprise businesses about inbox threats including spear phishing, business email compromise, and more.
Employees Are Huge Risk for Firms
The most shocking finding is internal data showing that 56% of organizations don’t have any IT policies to guide employees on how to protect their email inboxes. In addition, the research shows that companies very often give their workers little, or unhelpful, instruction on how to avoid being tricked into clicking links in phishing emails.
“Most often companies tell their employees not to click on links or open attachments in suspicious emails,” the report states. “But this advice goes against how technology works for employees to get their job done. Employees are desensitized to all the noise and are often much more willing to click on links, which can prove dangerous.”
The report also cites data showing that 50% of employees reported not clicking a phishing link they had in fact clicked. The report claims this lack of awareness is one reason phishing attacks have turned into a multimillion-dollar problem not just for the overall ecosystem, but for individual merchants as well.
“On top of investigation costs, organizations are hit with the remediation costs from a successful phishing attack,” the report states. “According to the Ponemon Institute, the average recovery cost to businesses from a phishing threat is $300,000. Plus, the cost to contain the malware infection (introduced by the phishing threat) is $1.9 million annually.”
5 Key Phishing Attack Challenges Enterprise Businesses Face
Overall, the report identifies five areas companies should pay attention to when it comes to phishing attacks:
- The Scale of the Problem
- The Security Gap
- Employee Vulnerabilities
- Security Awareness Training
- IT Resource Constraints
The report provides details and data about fraud prevention best practices for each area. For example, 95% of attacks happened despite a corporate firewall, and the estimated cost of IT remediation after an attack is $52,500.