50 per cent of businesses in Asia-Pacific and globally falling victim in 2022
According to the 2023 spear-phishing trends report released by Barracuda, a leading provider of cloud-enabled security solutions, 50 per cent of businesses in Asia-Pacific and across the globe fell victim to spear-phishing attacks in 2022. The report, which analyzed 50 billion emails across 3.5 million mailboxes, highlighted the prevalence and impact of targeted email attacks on organizations.
Spear-phishing attacks involve cybercriminals sending personalized emails to specific individuals within a company, often impersonating trusted entities to deceive victims into divulging sensitive information, making financial transactions, or downloading malicious software.
Key findings from the report include:
- Scale of Attacks: Most organizations received an average of five highly personalized spear-phishing emails per day in 2022. It took them an average of two days to detect these attacks.
- Impact of Attacks: Of the businesses affected by spear-phishing attacks, 55 per cent reported malware or virus infections on their machines, 49 per cent reported data breaches, 48 per cent reported stolen login credentials, and 39 per cent suffered direct financial losses.
- Effectiveness of Spear-Phishing: Although spear-phishing attacks accounted for only 0.1 per cent of all email-based attacks, they were responsible for a staggering 66 per cent of all breaches, indicating their high success rate.
- Slow Response Time: Organizations struggled with threat detection and response, taking an average of nearly 100 hours to identify, respond to, and remediate spear-phishing attacks. This includes 43 hours to detect an attack and 56 hours to respond and mitigate it.
- Remote Workforce Vulnerability: Remote workforces were more susceptible to spear-phishing attacks compared to non-remote ones. Companies with 50 per cent remote workers received approximately 12 suspicious emails per day, compared to nine for companies with fewer remote workers. Moreover, organizations with higher remote work percentages had slower detection and response times.
Fleming Shi, CTO at Barracuda, emphasized the need for businesses to invest in account takeover protection solutions with artificial intelligence capabilities to counter spear-phishing attacks effectively. Such tools, which offer improved detection efficacy, can help prevent these highly targeted attacks and minimize the response required during an incident.
As spear-phishing attacks continue to pose a significant threat to organizations, it is imperative for businesses to prioritize email security measures, enhance threat detection capabilities, and provide comprehensive training to employees to mitigate the risks associated with these sophisticated attacks.