65 percent of these social engineering attacks compromised employee credentials and 17 percent of these attacks breached financial accounts
SAN MATEO, Calif. – Nov. 30, 2016 – Agari, a leading cybersecurity company, today released the results of a commissioned survey, Email Security: Social Engineering Report, conducted by Information Security Media Group (ISMG) on behalf of Agari, which examined the impact of social engineering on organizations across a range of industrial sectors in the U.S. The results revealed that 60 percent of surveyed security leaders say their organizations were or may have been victim of at least one targeted social engineering attack in the past year, and 65 percent of those who were attacked say that employees’ credentials were compromised as a result of the attacks. In addition, financial accounts were breached in 17 percent of attacks.
Social engineering attacks, which rely on human interaction and fraudulent behavior to trick people, are the fastest growing security threat for enterprises today. While traditional attacks leverage technology-based system vulnerabilities, such as software bugs and misconfigurations, social engineering attacks take advantage of human vulnerabilities by using deception to trick targeted victims into performing harmful actions. Examples of social engineering attacks, which are typically launched via email, include phishing, spear phishing and Business Email Compromise (BEC). According to the FBI, BEC scams have resulted in losses of $3.1 billion as of May 2016.
More than 200 respondents participated in the study, from the healthcare, government, financial services and education sectors. Thirty-two percent of these organizations employ 10,000 or more employees, and 42 percent have more than $1 billion in annual revenue. Highlights from the report include:
“Most enterprises think that if they train their employees to be aware of malicious emails, it will be enough. However, this is delusional as it’s impossible for anyone to consistently distinguish malicious, social engineering-based emails from legitimate emails,” said Dr. Markus Jakobsson, chief scientist for Agari. “Email-based attacks using social engineering are enabling cybercriminals to steal corporate secrets, carry out politically motivated attacks and steal massive amounts of money. We expect to see a catastrophic growth of these types of attacks in the future, fueled by both their profitability and the poor extent to which businesses are protecting themselves, unless these organizations begin taking the necessary technology-based countermeasures to prevent these attacks.”
Agari, a leading cybersecurity company, is trusted by leading Fortune 1000 companies to protect their enterprise, partners and customers from advanced email phishing attacks. The Agari Email Trust Platform is the industry’s only solution that ‘understands’ the true sender of emails, leveraging the company’s proprietary, global email telemetry network and patent-pending, predictive Agari Trust Analytics to identify and stop phishing attacks. The platform powers Agari Enterprise Protect, which help organizations protect themselves from advanced spear phishing attacks, and Agari Customer Protect, which protects consumers from email attacks that spoof enterprise brands. Agari, a recipient of the JPMorgan Chase Hall of Innovation Award and recognized as a Gartner Cool Vendor in Security, is backed by Alloy Ventures, Battery Ventures, First Round Capital, Greylock Partners, Norwest Venture Partners and Scale Venture Partners. Learn more at https://www.agari.com and follow us on Twitter @AgariInc.
# # #