New Phishing Report: 90% of IT Execs Worry Most About Email Threats

Our colleagues at PhishMe released the results of their US Phishing Response Trends Report, which looked at the phishing response strategies of two hundred senior IT security decision-makers across a variety of large industries in the United States.

The report shows that businesses are still the most worried about and least prepared for phishing attacks. In fact, most organizations feel they have little, if any, expertise in anti-phishing and many feel their phishing incident response processes are weak.

Aside from mass-distributed general phishing campaigns, hackers continue to target key individuals in the finance or accounting departments through Business Email Compromise (BEC) scams or CEO email fraud.

By impersonating chief executives or finance officers, attackers attempt to solicit money transfers or fast wires of cash from unsuspecting targets, and will also use those scams to deploy dangerous malware or ransomware.

According to the FBI’s Internet Crime Complaint Center (IC3), BEC attacks have generated more than $5.3 billion USD in actual and attempted losses, affecting more than 131 countries worldwide.

More than 50% of businesses that responded have revenues exceeding $1.5 billion and represent a wide variety of industries, including business services, high tech, healthcare, retail, telecom, manufacturing and more.

Key findings of the report:

  • One-third of respondents see more than 500 suspicious emails weekly.
  • Yet, only 26% of surveyed IT executives have a dedicated inbox for suspicious emails.
  • 100% of respondents have layers of security solutions in place to help them combat email and phishing threats.
  • Two-thirds of surveyed IT executives have dealt with a security incident originating with a deceptive email.
  • 90% worry most about email-related threats: spear phishing, phishing in general or whaling.
  • Half of the respondents say their biggest challenge is too many threats and too few responders.
  • 43% of respondents say their phishing response ranged from “totally ineffective” to “mediocre.”
  • 80% of surveyed IT execs plan to upgrade their phishing prevention and response.

This is excellent ammo to get (more) IT security budget. Here is the press release with a link to the download.

This blog originally appeared on KnowBe4.

Stu Sjouwerman
About the Author
Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4 Inc, a provider of the most popular Security Awareness Training and Simulated Phishing platform. A serial entrepreneur and data security expert with more than 30 years in the IT industry, Sjouwerman is the author of four books, with his latest being “Cyberheist: The Biggest Financial Threat Facing American Businesses.” Along with his CEO duties, Stu is Editor-in-Chief of Cyberheist News, an e-zine tailored to deliver IT security news, technical updates, and social engineering alerts. Stu is a four-time Inc 500 award winner and EY Entrepreneur of the Year finalist.