RESPONSE
TRENDS
Europe
OVERVIEW
In other words, despite all their investments in technology, almost 80% of European companies surveyed
for this study have experienced a phishing-related incident. With nearly 6 in 10 companies believing they
have insufficient defences, there’s a gap between “We’re worried” and “We’re well prepared.”
Read on to learn about the implications of our phishing response data and what organisations can do
to improve their anti-phishing security.
Numerous Industries
The surveyed companies represent firms in a wide variety of industries: business services, high tech,
manufacturing, healthcare, financial, retail trade, wholesale trade, transportation, consumer services,
telecom and general. One hundred percent of respondents participated voluntarily; none were engaged
using telemarketing.
[Figure, UK/US] 78% have dealt with a security incident originating with a
Responses shown: Not sure 2%; No, never. Categories shown: 101-500, 51-100.
incident responders receiving every forwarded employee email, some truly suspicious, some just spam.
Given limited staff and time, how do you sort through hundreds
Nearly all respondents have layers of security in place.
In fact, while the combinations may differ, many companies have more than four security solutions in
place to combat email and phishing threats. They often rely on technology alone, with two-thirds
utilising anti-malware solutions and roughly the same percentage using email gateway filtering.
Computer-based training 94%
Sandboxes 82%
Email gateway filtering 98%
URL analysis solutions 96%
Security information and event management tool 93%
Anti-malware solution 97%
Advanced threat solution 93%
External threat intelligence 84%
* Multiple responses allowed.
Figure 4: What type(s) of security solutions does your organisation use or plan to use?
Ultimately, the answer is better solutions that (a) leverage broader teams to identify phishing and
(b) automate and orchestrate response. By reducing noise in the reporting inbox (if they have one),
companies can free responders to focus on real threats.
usually come with reasons why they must be carried out right away and kept under wraps. Though law
enforcement agencies have warned businesses about BEC scams, untrained employees still fall for them.[10]
With even the most tech-savvy companies—think Google and Facebook—losing millions in phishing
scams, everyone should be keeping a close eye on their inboxes.
CITATIONS
1. Anti-Phishing Working Group (APWG), “Phishing Activities Trends Report,” 2017.
2. IT Pro, “UK Businesses under Attack from Phishing Scams,” 2016.
3. The Independent, “Hackers Target Irish Energy Networks Amid Fears of Further Cyber-Attacks on UK’s Crucial
Infrastructure,” 2017.
4. Wired, “A Cyberattack Has Caused Confirmed Physical Damage for the Second Time Ever,” 2015.
5. CNBC, “French Presidential Frontrunner’s Campaign Hit by Phishing Attempts from Russia-Linked Hackers,” 2016.
6. Information Week, “Global IT Security Spending Will Top $81 Billion in 2016,” 2016.
7. The Radicati Group, Inc., “Email Statistics Report, 2015-2019,” 2015.
8. Verizon, “2017 Data Breach Investigations Report 10th edition,” 2017.
9. Mandiant, “M-Trends 2017: A View from the Front Lines,” 2017.
10. HelpNet Security, “Belgian Bank Crelan Loses €70 Million to BEC Scammers,” 2016.
11. Cisco Continuum News, 2017.
12. Cofense, “Multinational Imaging and Optical Manufacturer Reduces Global Phishing Exposure with Cofense,” 2017.
[Figures, UK/US]
Chart with responses "Yes, on one occasion" and "Yes, on more than one occasion": values shown 21%, 45%, 32%
Chart with categories 101-500 and 51-100: values shown 28%, 32%
An add-in feature/button within the email client 46%
By contacting the helpdesk 49%
We do not currently have a standard process 1%
* Multiple responses allowed.
Phishing and spear phishing 76%
Whaling and CEO Fraud 55%
Smishing (deceptive SMS) 25%
USB malware 36%
Vishing (social engineering phone calls) 20%
None of the above 1%
Chart with responses "Not effective" (1%), "Somewhat effective" and "Very effective": other values shown 43%, 56%
Over 12 months 6%
4 to 6 months 42%
Labels without a value on the page: Within, 7 to 12 months
[Figures, Germany]
Chart with responses "Yes, on one occasion" and "Yes, on more than one occasion": values shown 23%, 39%, 35%
Chart with categories 101-500 and 51-100: values shown 16%, 18%, 27%, 37%
An add-in feature/button within the email client 52%
By contacting the helpdesk 51%
We do not currently have a standard process 2%
* Multiple responses allowed.
Phishing and spear phishing 79%
Whaling and CEO Fraud 53%
Smishing (deceptive SMS) 28%
USB malware 24%
Vishing (social engineering phone calls) 14%
None of the above 2%
Chart with responses "Somewhat effective" and "Very effective": values shown 37%, 63%
When do you expect to update or augment your phishing prevention
Within 3 months 34%
4 to 6 months 41%
7 to 12 months 16%
Over 12 months 5%
[Figures, France]
Chart with responses "Yes, on one occasion" and "Yes, on more than one occasion": values shown 18%, 41%, 39%
Chart with categories 101-500 and 51-100: values shown 25%, 30%
Phishing and spear phishing 81%
Whaling and CEO Fraud 45%
Smishing (deceptive SMS) 25%
USB malware 43%
Vishing (social engineering phone calls) 26%
Chart with responses "Not effective" (2%), "Somewhat effective" and "Very effective": other values shown 48%, 50%
When do you expect to update or augment your phishing prevention
Within 3 months 34%
4 to 6 months 39%
7 to 12 months 23%
[Figures, Belgium]
Chart with responses "Yes, on one occasion" and "Yes, on more than one occasion": values shown 8%, 39%, 53%
Chart with categories Up to 50, 501-1000, 101-500 and 51-100: values shown 6%, 16%, 41%, 37%
An add-in feature/button within the email client 29%
By contacting the helpdesk 65%
* Multiple responses allowed.
Phishing and spear phishing 82%
Whaling and CEO Fraud 78%
Smishing (deceptive SMS) 8%
USB malware 63%
Vishing (social engineering phone calls) 14%
Chart with responses "Not effective" (2%), "Somewhat effective" and "Very effective": other values shown 18%, 80%
When do you expect to update or augment your phishing prevention
Chart with labels Within 3 months, 4 to 6 months and 7 to 12 months: values shown 15%, 26%, 16%, 43%
[Figures]
Yes, on one occasion 40%
Chart with categories 101-500 and 51-100: values shown 30%, 20%
How effective do you think your current phishing response process is?
Chart with responses "Somewhat effective" and "Very effective": values shown 56%, 44%
When do you expect to update or augment your phishing prevention
Within 3 months 20%
4 to 6 months 48%
7 to 12 months 24%
Over 12 months 4%