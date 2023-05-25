Spear-phishing attacks make up only 0.1 percent of all e-mail-based attacks, according to Barracuda data, but they are responsible for 66 percent of all breaches.

A total of 53 percent of Indian organisations fell victims to spear phishing in 2022, and on average, 24 percent had at least one email account compromised through account takeover, according to a recent study.

According to Kaspersky, spear phishing is an email or electronic communications scam targeted towards a specific individual, organisation or business.

Cybersecurity firm Barracuda published its 2023 spear-phishing trends report on Thursday, which showed that 63 percent of Indian respondents that experienced a spear-phishing attack had machines infected with malware or viruses. Sixty-one percent of them reported having their login credentials or accounts taken over, and 56 percent reported having sensitive data stolen.

The report presents proprietary spear-phishing data and analysis from a data set that comprises 50 billion emails across 3.5 million mailboxes, including nearly 30 million spear-phishing emails. The report also features survey findings from Barracuda-commissioned research at 150 Indian companies with 100 to 2,500 employees, across a range of industries.

Spear-phishing attacks make up only 0.1 percent of all email-based attacks, according to Barracuda data, but they are responsible for 66 percent of all breaches.

The report also said that on average, organisations take nearly 100 hours to identify, respond to, and remediate a post-delivery email threat. “In India, organisations take 67 hours to detect the attack and 53 hours to respond and remediate after the attack is detected,” the report added.

Also Read: Here is how users can keep themselves safe from fraudsters on WhatsApp

Users at companies with more than a 50 percent remote workforce seem to report higher levels of suspicious emails — 12 per day on average — compared to nine per day for those with less than a 50 percent remote workforce.

Companies with more than a 50 percent remote workforce also reported that it takes longer to both detect and respond to email security incidents, with 55 hours to detect and 63 hours to respond and mitigate, compared to an average of 36 hours and 51 hours respectively, for organisations with fewer remote workers.

According to Fleming Shi, CTO, Barracuda, businesses must invest in account takeover protection solutions with artificial intelligence capabilities to help stay ahead of these highly effective attacks. “Such tools will have far greater efficacy than rule-based detection mechanisms. Improved efficacy in detection will help stop spear-phishing with reduced response needed during an attack,” he added.