Cofense, the leading provider of human-driven phishing defence solutions worldwide, has published the results of its European-wide Phishing Response Trends Report, which looked at the phishing response strategies of IT security decision-makers across a variety of industries throughout Europe. The report found that 57 percent of European companies believed they were unprepared for a phishing attack, despite 78 percent of IT professionals having dealt with a security incident originating from a deceptive email. This was significantly lower than the 66 percent in the US that had dealt with a similar incident.
Across all the European countries surveyed, security teams reported that they are struggling to manage their response to the number of suspicious emails being received. The US and Europe differ, however, in their appetite for automated email analysis to solve this problem. 59 percent of respondents in Europe had automated email analysis on their wish list, compared to only 33 percent in the US. Arguably, this could point to the skills gap much discussed across Europe . With organisations of all sizes struggling to find IT talent and particularly cyber security skills, perhaps the need for an automated and integrated system to deal with suspicious emails is being felt more acutely in Europe.
Other key findings in the report include:
- The number one security concern is phishing and email-related threats.
- 41 percent of respondents say their biggest anti-phishing challenge is poorly integrated security systems.
- 6 in 10 companies believe they have insufficient defences against email-based threats.
- The UK reports the most suspicious emails each week across Europe with 23 percent reporting more than 500, Belgium reports the least at 16 percent followed by Germany at 18 percent, France at 20 percent and the Netherlands at 22 percent.
With phishing and email-related threats being the primary security concern of the European-based survey respondents, it is critical that businesses have an effective strategy to counter the attack vector which is fully integrated with broader security solutions. It is paramount, for example, that phishing simulations are akin to the real thing and encourage reporting which, in turn, can not only stop a malicious email compromising an enterprise’s network, but can give the incident response team a head start.
“The analysis of email-based attacks gives us extremely valuable insight into the security posture of European organisations,” said Rohyt Belani, co-founder and CEO of Cofense. “What we’re really looking at here is addressing human susceptibility and building human resiliency to work in concert with technology to combat security threats facing Europe. Technology solutions alone have proved time and time again that they can only go so far to protect enterprises. It is not enough to lock down systems and force users into acting a certain way, instead we need to build a human-driven phishing defence posture that leverages human instinct for detection and technology to scale response,” he concluded.
