A new study from cyber security company Agari reveals the scale of social engineering attacks on industrial organizations across the US.
Of over 200 security leaders surveyed 60 percent say their organizations were, or may have been, victim of at least one targeted social engineering attack in the past year, and 65 percent of those who were attacked say that employees’ credentials were compromised as a result. In addition, financial accounts were breached in 17 percent of attacks.
Among other findings are that 89 percent of respondents have seen either a steady pace or an increase in spear phishing and other targeted email attacks in the past year. Of these attacks, more than 69 percent are looking to steal user credentials to commit fraud against the organizations.
There’s a lack of confidence in defenses too with 49 percent of respondents rating the effectiveness of the current controls they deploy to defend against social engineering attacks as average or below. 20 percent admit they don’t know if their brands have been used in social engineering attacks on customers or partners.
Many also worry about security at partner organizations. More than a fifth of respondents say they have ‘no confidence’ in their business partners’ abilities to defend against social engineering attacks that could compromise the respondents’ organizations. In addition half percent say they don’t have a program in place to audit and encourage partners to authenticate email sent to their organizations.
“Most enterprises think that if they train their employees to be aware of malicious emails, it will be enough. However, this is delusional as it’s impossible for anyone to consistently distinguish malicious, social engineering-based emails from legitimate emails,” says Dr Markus Jakobsson, chief scientist for Agari. “Email-based attacks using social engineering are enabling cybercriminals to steal corporate secrets, carry out politically motivated attacks and steal massive amounts of money. We expect to see a catastrophic growth of these types of attacks in the future, fueled by both their profitability and the poor extent to which businesses are protecting themselves, unless these organizations begin taking the necessary technology-based countermeasures to prevent these attacks”.
More detail is available in the full report which you can get from the Agari website.
Photo Credit: Lasse Kristensen/Shutterstock