3 in 4 Aussie orgs faced phishing attacks in 2020
Nearly three-quarters of security professionals in Australia (74%) say their organisations faced a broad-based phishing attack in 2020, according to research from Proofpoint.
The company’s seventh annual State of the Phish report found that ransomware infections impacted two-thirds of Australian respondents to the survey.
The report, based on responses from 3500 working adults in Australia, the UK, France, Germany, Japan, Spain and the US, found that phishing attacks remain a pressing concern.
In Australia, 60% of local survey respondents reported experiencing a successful phishing attack in 2020, compared to 54% in 2019.
The report also highlights a need for a people-centric approach to cybersecurity protections and awareness training that accounts for changing conditions such as those faced during COVID-19. For example, while 80% of Australian infosec survey respondents said their workforce shifted to a work-from-home model last year, only 32% trained users on remote safe working.
But at the same time, 86% of Australian organisations surveyed indicated that security awareness training has reduced phishing susceptibility.
Half of Australian infosec survey respondents said their organisation punishes employees who regularly fall for phishing attacks, with repeat offenders facing punishments such as counselling from the infosec team, disciplinary actions such as written warnings and impacts on yearly performance reviews.
“Threat actors are continuing to target people with agile, relevant and sophisticated communications — most notably through the email channel, which remains the top threat vector in Australia and worldwide,” said Crispin Kerr, ANZ Area Vice President at Proofpoint.
“Ensuring users understand how to spot and report attempted cyber attacks is undeniably business-critical, especially as teams continue to work remotely — often in a less secured environment. While many organisations in Australia say they are delivering security awareness training to their employees, our data shows most are not doing enough.”
Among working adults, 42% of respondents are still allowing friends and family to access work-issued devices to do things like check emails, use social media, shop online and play games, although this is an improvement from 51% a year ago.
In addition, just 59% of Australian workers know they should be suspicious of all unsolicited email, and only 42% were able to pick the correct definition of ransomware from a multiple-choice list.