Campbell, California, May 24, 2023 – Barracuda Networks Inc. (Barracuda), an esteemed ally and leading provider of security solutions powered by the cloud, has released its much-anticipated report on spear-phishing trends for 2023. The report unveils a startling statistic, revealing that a staggering 50% of the organizations surveyed fell victim to spear-phishing attacks in the year 2022. Furthermore, it highlights the alarming fact that 24% of these organizations experienced compromised email accounts due to account takeovers.
The comprehensive report encompasses an extensive collection of proprietary data and in-depth analysis, drawing from a massive data set consisting of 50 billion emails obtained from 3.5 million mailboxes. Notably, it includes an impressive compilation of almost 30 million spear-phishing emails. In addition, the report incorporates the results of a survey conducted by renowned independent researcher Vanson Bourne. This survey interviewed IT professionals across 1,350 companies, ranging from frontline employees to senior executives, encompassing organizations with 100 to 2,500 employees. The survey spanned various industries in the United States, Europe, the Middle East, Africa, and the Asia-Pacific region.
The overall findings from this groundbreaking research paint a concerning picture of the relentless onslaught of targeted email attacks orchestrated by cybercriminals, as well as the challenges faced by organizations in defending against them.
Despite being low in volume, spear-phishing attacks have emerged as a highly prevalent and remarkably successful form of email-based attack: they account for a mere 0.1% of all email attacks while contributing to a staggering 66% of all breaches.
The impact on organizations affected by these attacks is substantial, as indicated by the survey responses. A striking 55% of respondents reported incidents of machines being infected with malware or viruses, while 49% confirmed the theft of sensitive data. Additionally, 48% experienced stolen login credentials, and 39% suffered direct monetary losses due to spear-phishing attacks.
The report also sheds light on the challenges associated with threat detection and response. On average, organizations took nearly 100 hours to identify, respond to, and remediate email threats that successfully bypassed security measures. This timeframe encompassed approximately 43 hours to detect the attack and an additional 56 hours to formulate a response and mitigate the damage.
As the prevalence of remote work continues to rise, the risks associated with spear-phishing attacks are exacerbated. Companies with more than 50% of their workforce operating remotely reported encountering higher levels of suspicious emails, averaging 12 per day compared to the 9 per day experienced by companies with a smaller remote workforce.
Moreover, the report highlights the impact of a larger remote workforce on detection and response times. Organizations with more than 50% remote employees reported that it took longer to both detect and respond to email security incidents, averaging 55 hours for detection and 63 hours for response and mitigation. This is in contrast to organizations with fewer remote workers, which averaged 36 hours for detection and 51 hours for response and mitigation.
Fleming Shi, the CTO of Barracuda, emphasized the seriousness of spear-phishing attacks, stating, “Even though spear phishing is low volume, with its targeted and social engineering tactics, the technique leads to a disproportionate number of successful breaches, and the impact of just one successful attack can be devastating.” Shi also stressed the importance of investing in account takeover protection solutions with advanced artificial intelligence capabilities, highlighting their superior efficacy compared to rule-based detection mechanisms. Improved detection efficacy will play a crucial role in thwarting spear-phishing attacks and in reducing the response time required during an attack.