In a recent survey, security professionals in mid to large-sized organizations were asked how to mitigate phishing and malware risk. The answers revealed a mix of strategies and a healthy dose of concern for the strategies’ efficacy.
Osterman Research conducted an in-depth survey of security-focused professionals for their latest white paper, How to Reduce the Risk of Phishing and Ransomware, sponsored by SlashNext. Here are some of the key takeaways from the research:
- Only half of the organizations believe they are effective at counteracting various phishing and ransomware threats. 37% of organizations believed they were highly effective at counteracting 11 or more of the threat types. Respondents indicated only mid-range confidence in the ability of various groups of employees to recognize phishing attempts through email and other channels.
- Only 16% of organizations reported no security incident related to phishing and ransomware in the past 12 months. In other words, it is a widespread problem for most organizations.
- 92% of respondents would prefer that AI/ML was used to some extent or more. Of the total, 47% wanted AI/ML used often or continually.
- Best practices to reduce the risk of phishing and ransomware include focusing on significant root causes.
While respondents had confidence that training users assisted in stopping phishing and malware from impacting their organization, they had lower confidence in the efficacy of training for detecting phishing through other channels, including social media, browser popups, search results, and rogue apps. This highlights an area for further attention as threat actors leverage tools beyond email.
Respondents believe effective mitigations against phishing attacks are multi-factor authentication, security awareness training, and removing phishing messages from employees’ mailboxes. However, the greatest concern is phishing attempts making their way to end-users (65%) and their ability to prevent zero-day threats from infecting systems and applications.
Almost all of the respondents (92%) found the use of artificial intelligence (AI) and machine learning (ML) security technologies offered the greatest capabilities to detect, triage, and mitigate security threats and to prioritize high-impact incidents for investigation. In fact, respondents wanted to use AI/ML more than is currently deployed.
This full survey provides great insight into how security professionals are thinking about solving the risk of phishing. It reveals that many security professionals believe an integrated approach is essential to stop phishing and malware.
SlashNext’s AI phishing detection cloud with patented SEER technology has the industry’s largest phishing database, delivering 99.07% accuracy and one-in-one million false positives, offering the greatest service to detect, triage, and mitigate security threats.
SlashNext inspects billions of internet transactions and millions of suspicious URLs daily using virtual browsers to detect zero-hour phishing attacks across all communication channels. SlashNext’s detection time is faster than security vendors listed on VirusTotal. So when phishing campaigns are launched, threats are already blocked, and users are protected immediately.