Barracuda: In 2022, 50% of companies surveyed were victims of spear phishing, and 24% had at least one email account compromised via account takeover. The ‘2023 Spear-Phishing Trends’ survey involved IT professionals in different roles from 1,350 companies with 100 to 2,500 employees, belonging to different sectors and operating in the USA and in various EMEA and Apac countries.
The report presents proprietary spear phishing data and analysis, drawing on a data set comprising 50 billion emails, including approximately 30 million spear phishing messages, relating to 3.5 million mailboxes. Research shows that cybercriminals continue to target organizations with targeted email attacks and many businesses struggle to defend themselves. While the volume of spear phishing attacks is low, they are widespread and have a high success rate compared to other types of email attacks.
The main highlights of the spear phishing alert
- Spear phishing is widely widespread. 50% of companies analyzed fell victim to spear phishing in 2022. A typical company receives 5 personalized spear-phishing emails every day.
- Attacks have a high success rate. According to Barracuda data, spear phishing accounts for just 0.1% of total email attacks, yet are responsible for 66% of breaches.
- Companies are blaming the impact. 55% of those affected by spear phishing attacks reported machines infected with malware or viruses. 49% experienced theft of sensitive data, while 48% experienced theft of login credentials and 39% suffered direct financial damages.
Longer times
- Threat detection and response remain a challenge. iInn on average, it takes companies nearly 100 hours to locate, respond to, and remediate an email threat after receiving it. That is 43 hours for attack detection and 56 for response and remediation.
- Remote working increases the dangers. Users of companies with more than 50% of staff working remotely report higher levels of suspicious emails. On average 12 per day, against 9 of companies with less than 50% of staff in smart working.
Allarme spear phishing
The greater the number of remote workers, the more this it is detection and response. Organizations with more than 50% of staff remotely also have longer detection and response times to email security incidents. In other words: 55 hours to detect them and 63 to remedy them, against an average of 36 and 51 hours, respectively, for companies with a smaller percentage of workers in smart working.
Invest more resources
Fleming Shi, Cto the Barracuda
Even though the volume of spear phishing is low, this threat, which employs targeted attack and social engineering tactics, produces a huge number of successful breaches. And the impact of a single attack can be devastating.Per counter With these attacks so effective, companies need to invest in AI-powered account takeover protection solutions. These tools will be much more effective than rule-based detection mechanisms. Better detection will help stop spear phishing with a reduction in the response needed during an attack.