• 85% report being the victim of a phishing attack, up 13% from 2014
  • 67% report a spear phishing attack, up 22% from 2014

Pittsburgh, PA – January 27, 2016 Wombat Security Technologies (Wombat) today announced results of a newly published research report, The State of the Phish, which found that phishing attacks continue to grow in volume and complexity, supported by more aggressive social engineering practices that make phishing more difficult to prevent.

Organizations surveyed indicated they have suffered malware infections (42%), compromised accounts (22%), and loss of data (4%) as a direct result of successful phishing attacks.

The report found that the most popular phishing attack templates with the highest click rates included items employees expected to see in their work email such as an HR document, or a shipping confirmation. For example, the survey found that employees were more cautious when receiving “consumer” emails regarding topics like gift card notifications, or social networking accounts. However, an “urgent email password change request” had a 28% average click rate.

“Phishing continues to be a highly effective attack vector that is increasingly responsible for a significant percentage of data breaches in the market today,” said Trevor Hawthorn, CTO of Wombat. “In spite of continued investments in a number of popular security technologies, phishing messages continue to reach end users and can result in serious damages to a company’s critical data and reputation. Our methods have shown that a Continuous Training Methodology which educates end users on cybersecurity threats changes employee behavior and reduces risk within an organization.”

Other key findings:

  • Personalized Spear Phishing – Spear phishers often go to great lengths to gather information on key people within an organization in order to craft a personalized and convincing email. Emails personalized with a first name had click rates 19% higher than those with no personalization.
  • Industry Breakdown – Wombat found that click rates vary per industry, with telecommunications and professional services clicking phishing emails more than other industries.
  • Technology Protection – Organizations surveyed say they protect themselves from phishing using a variety of methods, including email spam filters (99%), outbound proxy protection (56%), advanced malware analysis (50%), and URL wrapping (24%).
  • Endpoint Vulnerability – Wombat found the following plugins as most vulnerable for being outdated and susceptible to an attack: Adobe (61%), Adobe Flash (46%), Microsoft Silverlight (27%), and Java (25%).
  • Suspicious Attachments – The most suspicious attachments identified by Wombat include pdf (29%), doc (22%), html (13%), and xls (12%) among others.

Notably, research conducted in 2015 on the Cost of Phishing and Value of Employee Training by Wombat and Ponemon Institute found that the majority of costs caused by successful phishing attacks are the result of the loss of employee productivity and uncontained credential compromise, among other factors, which together cost an average sized company $3.77 million per year.

Survey Methodology

The annual State of the Phish report is based on data from millions of simulated phishing attacks collected between October 1, 2014 and September 30, 2015. The survey also includes several hundred responses from security professionals, which includes both Wombat customers and non-customers.

In 2013 and 2014 ThreatSim, prepared the annual State of the Phish report. Wombat acquired ThreatSim in October 2015, which combined two of the leading simulated phishing attack tools, and enabled the companies analyze a broader set of data and survey results for this year’s report.

About Wombat Security Technologies
Wombat Security Technologies provides information security awareness and training software to help organizations teach their employees secure behavior. Their SaaS-based cyber security education solution includes a platform of integrated broad assessments, as well as a library of simulated attacks and brief interactive training modules. Wombat's solutions help organizations reduce successful phishing attacks and malware infections up to 90%. Wombat, recognized by Gartner as a leader in the Magic Quadrant for Security Awareness Computer-Based Training Vendors, is helping Fortune 1000 and Global 2000 customers in industry segments such as finance and banking, energy, technology, higher education, retail and consumer packaged goods to strengthen their cyber security defenses. 

Contact:
Susan Mackowiak
press@wombatsecurity.com
412-621-1484 x 126