Phishing presents a cybersecurity threat to organizations by targeting employees and exploiting a lack of cybersecurity awareness.

The Business Cost of Phishing report from IRONSCALES, conducted by Osterman Research, shows that IT and security teams spend one-third of their time handling phishing threats every week. The report surveyed 250 IT and security practitioners about their phishing practices and found that 70% of organizations spend 16-60 minutes dealing with a single phishing email message.

On average, dealing with the threat of a single phishing email takes 27.5 minutes at a cost of $31.32 per phishing message. Most respondents expect the impact of phishing to get worse over the coming 12 months, with 67% expecting the time spent on phishing per week for IT and security teams to stay the same or increase.

How to combat phishing

The report suggested four strategies for cybersecurity professionals to employ to best prevent and mitigate phishing and its effects on their organizations.

  1. Gauge phishing awareness among employees using surveys and incorporate phishing material in future training materials to compensate for any knowledge gaps and reduce the susceptibility to these fraudulent emails.
  2. Use the principle of least privilege access to ensure that even if an employee’s account gets compromised, your attack surface is minimized by restricting access levels to only what’s necessary for job functions and duties.
  3. Use phishing simulation and training exercises to give employees practical opportunities to improve their ability to detect social engineering techniques common across various types of attacks.
  4. If you have a BYOD policy that allows employees to connect their smartphones to your corporate network and apps, update the policy to include specific tips and guidance that help employees avoid falling victim to text-based scams.

