August 16, 2016
Duo Security, a cloud-based trusted access provider, today published research that illustrates the risk phishing attacks present in the enterprise. Since its July launch, upwards of 400 companies have begun using Duo Insight, a free tool that lets IT teams run internal phishing simulations. Of the 11,542 users who received a phishing email from their IT team, 31% of organizations are at risk of a data breach due to phishing attacks.
The firm said that, based on the data from Duo Insight, attackers in a real-world scenario can run a phishing campaign that takes only five minutes to put together and, within 25 minutes, obtain access to corporate data, resulting in a data breach.
Data analysis from Duo Labs uncovered that:
* 31% of users clicked the link in the phishing email sent by their internal team.
* Those users who clicked the link in the phishing campaign open their organizations to hackers through unsecured internet browsers, plugins (Flash and Java), and out-of-date operating systems on their devices.
* Hackers can easily exploit those vulnerabilities and get even more than they would get with just a set of credentials. In this case, attackers would have complete control over the compromised device.
* 17% of users entered their username and password, giving an attacker in a real-world scenario the keys to corporate data.
The Duo Insight management team says its goal is to “offer organizations of all sizes a free internal phishing drill system that allows them to simulate a phishing attack on their employees in five minutes.
“With the results of those simulations, administrators can identify potential security weaknesses and make the case for investing in stronger security solutions or better employee education.”