
Australian professionals high target for cyber crims, new study shows

More than half (54%) of surveyed Australian Infosec professionals faced phishing-triggered ransomware infections in 2019, according to a new report titled ‘State of the Phish’ by Proofpoint.

This is more than any of the other six countries surveyed, including the US, UK, Japan, Germany, France and Spain, and highlights the need for user training and email reporting as spear phishing attacks increase, Proofpoint states.

However, Australian working adults were the most likely of all global respondents to correctly identify the definition of ransomware.

Proofpoint’s report examines global data from nearly 50 million simulated phishing attacks sent by Proofpoint customers over a one-year period, along with third-party survey responses from more than 600 information security professionals in the US, Australia, France, Germany, Japan, Spain, and the UK.

The report also analyses the fundamental cybersecurity knowledge of more than 3,500 working adults who were surveyed across those same seven countries.

Proofpoint country manager Australia and New Zealand Crispin Kerr says, “Australian organisations must take an active approach to cybersecurity education. Criminals are constantly refining their attack methods, using sophisticated email lures, phone calls, and SMS to snare as many victims as possible.

“Attackers do their homework, and their messages often seem personally relevant to recipients. Regular company-wide training is crucial to make sure staff can spot the warning signs and keep themselves and their organisation safe.”

The research also uncovered that 63% of Australian companies provide company-wide cybersecurity training, highlighting the opportunity for increased user training to help combat cyberattacks in 2020. Cybercriminals are also using increasingly sophisticated methods to lure victims.

In fact, 52% of Australian organisations experienced vishing, which sees criminals impersonating legitimate sources via phone calls, while 58% experienced smishing, which uses SMS as a channel to attack users.

The report also showed that more than half (56%) of Australian organisations report that the rate of phishing attacks observed either decreased or stayed the same in comparison to the previous 12 months, reflecting the new tendency of criminals to forgo high-volume attacks in favour of more targeted methods.

Despite 79% of Australian organisations reporting a reduction in phishing susceptibility after the delivery of cybersecurity training, just over half (53%) conduct active cybersecurity training by way of simulated phishing attacks, one of the most effective ways of educating staff.