The majority of respondents (58 percent) believe that, in the past year, their organization was targeted by a phishing email designed specifically to compromise their own users (also known as a “spear phishing” attack).
There was some difference between the two surveys: For example, in the RSA survey, 62 percentof respondents said that they believe their organization was targeted by such an attack. In the Infosecurity survey, 42 percentof respondents said that they believe their organization was targeted by such an attack. It’s unclear if this indicates a real difference in the prevalence of spear phishing between the U.S. versus Europe, a difference in the level of concern and/or awareness of spear phishing between the two regions, or if the discrepancy is an artifact of the difference in sample sizes between the two surveys.
Overall, 20 percentof respondents said that their organization was not the target of a spear phishing attack (18 percent RSA, 32 percent Infosecurity). Another 21 percentof respondents (20 percent RSA, 26 percent Infosecurity) reported that they did not know.
During the RSA Conference 2013 and Infosecurity Europe 2013 conferences, Proofpoint surveyed a total of 620 professionals with C-level, IT, security and risk/compliance titles (505 of these at the RSA Conference, 115 at Infosecurity Europe) that visited Proofpoint’s conference booth. Using a Web-based survey, respondents were asked about a variety of concerns around spear phishing, advanced targeted attacks and data breaches. Both surveys asked the same questions. This slideshow features the key findings.