Companies IT security practices are leaving them vulnerable to spear phishing attacks losing them data and system downtime

Boston, MA and Galway, Ireland, 27th September 2011, A recent poll carried out by SpamTitan has discovered that 70% of companies that believe their organisation have been a victim of a spear phishing attack are unsure that such attacks are reported to I.T. and dealt with appropriately. The lack of proactive measures to deal with the attacks can cost companies financially through the loss of data and system downtime. Spear phishing is a growing issue where a targeted false email that appears to be legitimate is sent to individuals or a company in order to access data.

The poll was distributed to SpamTitan customers who were asked if their company has ever experienced a spear phishing attack and if said attack had been reported to their IT department for treatment. Only 32% of those who responded believed their organisation had been exposed to a spear phishing attack but of those 70% were unsure whether the incident had been reported to their IT department to deal with.

These findings highlight the importance of a company security policy and the importance of communicating this policy effectively so that all employees know how to deal with the myriad of security issues they are regularly faced with. This includes what actions to take if they receive a suspicious and unsolicited email, what to do if they receive an email requesting information but the sender is not known to them, what internet activity can they reasonably pursue within company policy, if their role requires them to access a site that is blocked company wide how do they request access?

“Most people are now aware of various prevalent banking phishing scams or similar, spear phishing is another advanced attempt at a breach of security that appears legitimate and should therefore be highlighted even more as it is a much more sophisticated form of phishing,” said Ronan Kavanagh, CEO, SpamTitan.com. “Educating employees around a range of security issues is an important step that many companies ignore. Yes, robust, powerful and updated security solutions are crucial but this doesn’t mean that companies can afford to ignore the ‘softer’ behavioural issues associated with security. It only takes one employee to open the wrong email to give access to sensitive company data bring a whole company’s IT systems to a halt.”