Australians need more cyber training, Proofpoint warns
Australian organisations need to take a more active approach to cybersecurity training as cybercriminals increasingly refine and personalise their attacks, according to Proofpoint.
The warning comes after the cybersecurity firm’s 2019 State of Phish Report revealed Australian organisations faced the highest rate of phishing-triggered ransomware attacks last year, compared to the US, UK, Japan, Germany, France and Spain, although the company also noted Australian working adults were most likely to correctly identify the definition of ransomware.
The report examined data from almost 50 million simulated phishing attacks sent by Proofpoint customers over a one-year period, along with third-party survey responses from more than 600 information security professionals across the seven countries — 65 of which came from Australian Infosec professionals. The report also analyses fundamental cybersecurity knowledge of more than 3500 working adults, including 500 Australians, who were surveyed across the same seven countries.
Despite 56% of Australian organisations reporting a decrease or levelling in the rate of observed phishing attacks from the previous 12 months, Proofpoint is calling on Australians to remain vigilant, believing the statistic reflects “the new tendency of criminals to forgo high-volume attacks in favour of more targeted methods”.
“Criminals are constantly refining their attack methods, using sophisticated email lures, phone calls [vishing] and SMS [smishing] to snare as many victims as possible,” Proofpoint Australian and New Zealand Country Manager Crispin Kerr said.
“Attackers do their homework and their messages often seem personally relevant to recipients. Regular company-wide training is crucial to make sure staff can spot the warning signs and keep themselves and their organisation safe.”
Last year, 57% of Australian organisations faced vishing attacks and 62% faced smishing, the report said.
Fortunately, 79% of Australian organisations reported reduced phishing susceptibility after security awareness training; however, only 53% used simulated attacks — which Proofpoint argued is “the most effective way of educating staff” — as part of that training. The cybersecurity firm urged users to perform more simulations, especially using personalised fields, such as first, last and company names and email addresses, in line with current phishing trends.
“It’s worth noting that including the name of the recipient’s organisation within a phishing test was more likely to increase failure rates,” the company said in its report.
The full report can be accessed via Proofpoint’s website.