Nearly All Businesses Suffer Phishing Attacks – Mimecast


Nearly all businesses have suffered some form of phishing attack during the past year, survey finds

Research from security specialist Mimecast has revealed the latest depressing statistics about online cyber security.

Mimecast’s study of “1,025 global IT decision makers” revealed that phishing attacks are the most prominent type of cyberattack, with 94 percent of respondents having experienced phishing and spear phishing attacks in the previous 12 months.

But it doesn’t end there. Social engineering attacks are also on the rise, and all of this is leading to a general loss in confidence in organisation’s cyber defences.

Asking the user to enter their password in Settings is more secure. Credit: Felix Krause

Phishing threat

The Mimecast report comes as cybercriminals continue to use email as a primary vehicle to steal data and deliver advanced threats.

The security firm said that social engineering attacks are a rising concern for organisations because they’re often one of the most difficult to control.

The report found that impersonation attacks increased almost 70 percent (67 percent) in comparison to the results in last year’s report.

The report also discovered that 73 percent of those organisations impacted by impersonation attacks having experienced a direct loss.

These losses included loss of customers (28 percent), financial loss (29 percent) and data loss (40 percent).

Meanwhile phishing attacks remain the most prominent type of cyberattack, and 55 percent of report respondents saw an increase in phishing attacks in the past year.

All of this is impact people’s confidence in their cyber defences.

According to the report, 61 percent believe it is likely or inevitable their organisation will suffer a negative business impact from an email-borne attack this year. The report also found that business-disrupting ransomware attacks are up 26 percent in comparison to last year.

Meanwhile 49 percent of respondents admitted having downtime for two to three days, whereas 31 percent experienced downtime for four to five days.

“Email security systems are the frontline defence for most of attacks. Yet, just having and providing data on these attacks is not what creates value for most respondents,” said Josh Douglas, VP of threat intelligence at Mimecast.

“Survey results indicate that vendors need to be able to provide actionable intelligence out of the mass of data they collect, and not just focus on indicators of compromise which would only address past problems,” said Douglas.

“The Mimecast Threat Analysis Center was also able to identify the top 5 industries being impacted by impersonation attacks which closely aligned with the findings in the report,” he added. “Financial, Manufacturing, Professional Services, Science/Technology as well as Transportation Industries are top targets.”

No surprise

One security expert said that the Mimecast findings should come as no surprise.

“Anyone familiar with the cybersecurity threatscape will not be surprised with these findings,” said Corin Imai, senior security advisor at DomainTools.

“Phishing remains one of the most successful methods of gaining access to a network, with organised gangs leveraging multiple phishing websites from a single IP address (such as DomainTools discovered this week), and independent non-technical actors taking advantage of the phishing-as-a-service kits available on the dark web,” said Imai.

“Not only is this a threat for businesses but for individuals,” he added. “The best advice for keeping safe online remains vigilance to any unsolicited email, and double checking the URL of any website you visit before inputting any PII or downloading any attachments.”

How well do you know the cloud? Try our quiz!