
Vulnerabilities / Threats

3/10/2020 10:15 AM
Dark Reading
Products and Releases

New Osterman Survey on the Phishing Prevention Perception Gap Reveals Disconnect Between C-Suite and Cybersecurity Professionals

Sponsored by IRONSCALES, study reveals that while phishing is a major concern for all organizations, decision makers are four times more likely than security practitioners to consider email security the highest priority.

TEL AVIV & ATLANTA – MARCH 10, 2020 – IRONSCALES, the pioneer of self-learning email security, today announced the results of a new survey of cybersecurity professionals conducted in partnership with Osterman Research, a leading security market research firm. “The Phishing Prevention Perception Gap: Robust Email Security Requires Alignment Between Security Practitioners and Decision Makers” is based on a detailed, cross-industry survey of 252 security professionals from the United States and the United Kingdom. It found that a serious disconnect exists between how decision makers (i.e., CISOs, CIOs and CEOs) and security practitioners (i.e., IT managers and directors, security architects and security operations analysts) perceive phishing prevention.

Among its key findings, the survey revealed that decision makers are four times more likely than security practitioners to consider email security the highest priority, suggesting that security personnel believe that they have a sufficient handle on phishing prevention while the C-Suite sees substantial business risk. The complete survey results have been compiled into a 20-page report which can be downloaded for free at https://get.ironscales.com/rs/954-HBD-655/images/osterman_research_white_paper.pdf

“The disconnect between security practitioners and decision makers is extraordinarily problematic for phishing prevention and incident response,” said Eyal Benishti, IRONSCALES founder and CEO. “The cause for such a predicament - whether or not security professionals on the front lines don’t fully understand the long-term business impact of a successful phishing attack or if the C-Suite is simply over-concerned - is irrelevant. What matters is that moving forward these two important constituencies get on the same page so that the proper time and attention can be allocated towards minimizing phishing risk.”

Conducted over four weeks between late December 2019 and early January 2020, the survey was designed to determine whether current email security and anti-phishing technologies, practices and processes are adequate for mid-sized businesses and enterprises to truly reduce email phishing risk. Overall, the survey revealed that there is a critical need for real-time threat intelligence to more thoroughly address the risk of phishing; that the security skills shortage is having a material impact on security teams’ ability to deal with phishing properly; and that most organizations are using several tools to combat phishing, with secure email gateways remaining the most common.

Other key findings from the survey include:

  • 24% of a 40-hour work week is spent by security analysts investigating, detecting or remediating phishing emails.
  • Only one in five organizations continuously updates and tweaks its corporate email security policies in a typical month.
  • Nearly three in five organizations train their users on proper email security protocols no more than twice per year, while only a third of organizations do so far more frequently (at least monthly or continuously).
  • More than 70% of organizations use only manual processes for reviewing user-reported phishing emails, making it far too labor- and time-intensive to mitigate email threats at scale.

The survey also found that phishing emails continue to take organizations a substantial amount of time to detect, investigate and remediate. In total:

  • 70% of organizations take more than 5 minutes to remove a phishing attack from a corporate mailbox, even though the average time-to-click is 82 seconds.
  • 75% of organizations cannot act on phishing intelligence automatically in real time.
  • 90% of organizations cannot orchestrate phishing intelligence from multiple sources in real time in the context of their overall email security solution(s).

“The survey’s findings reinforce the significant challenges that email phishing attacks incur on organizations of all sizes,” said Michael Osterman, principal analyst at Osterman Research. “Most immediately, decision makers and cybersecurity practitioners must work to overcome the disconnect that exists so that time, budget and resources can be properly allocated to reduce email phishing risk.”

For more information on how IRONSCALES helps reduce email phishing risk, visit www.ironscales.com and follow @ironscales on social media.

About IRONSCALES

IRONSCALES is the future of phishing protection, incubated inside the world’s top venture program for cybersecurity and founded by alumni of the Israeli Defense Forces’ elite Intelligence Technology unit. We offer security professionals and end users an AI-driven, self-learning email security platform that provides a comprehensive solution to stop tomorrow’s phishing attacks today. Using the world’s most decentralized threat protection network, our platform accelerates the prevention, detection and remediation of phishing attacks already inside your email with threat removal times in seconds, not minutes or hours. We give organizations of all sizes complete anti-phishing protection against any type of phishing attack, right now. Visit www.ironscales.com to learn more about The Power of Now.


About Osterman Research

Osterman Research provides timely and accurate market research, cost data and benchmarking information to technology-based companies. They do this by continually gathering information from IT decision-makers and end-users of information technology. They report and analyze information to help companies develop and improve the products and services they offer to different markets or to internal customers. Learn more at www.ostermanresearch.com.
