A new survey sponsored by HP has revealed that 69% of IT professionals are seeing phishing attacks within their organisation at least once a week. It also discovered that seven out of every ten attacks originating within the network came from a malware-infected machine, suggesting that a layered approach to security was still relevant, in which organisations look to block suspicious traffic at every point within the network.

Frank Mong, vice president, Solutions, Enterprise Security Products at HP, said:

“Organizations are increasingly challenged to protect their networks from advanced targeted attacks, in fact, it is likely that most environments have already been breached with systems infected by malware. It’s important that IT professionals understand how attackers are trying to break through the network, and have confidence in their ability to mitigate attacks when every second matters.”

The survey, which sought the views of over 200 IT professionals, also highlighted how almost 60% of attacks come from malicious communication with the command and control server and over half exploited software vulnerabilities.

Other key findings include:

• that, among the organisations represented in the survey, the most likely country of origin for attacks was China, followed by Russia and the US
• a high level of concern over the ways in which employees use data: 85% of the respondents are concerned about illicit file sharing and the use of non-work-related applications; sixty-three percent are concerned with employees visiting adult themed websites on the corporate network and almost 70% were worried about ‘social media abuse’ by employees during working hours
• where networks were breached, 67 percent of of those questioned said customer data was most likely to be attacked, closely followed by the company’s financial data (63%). Other data noted as being particularly at risk includes intellectual property (59%) and employee data (49 percent).

According to Mong, the survey showed that:

“Organizations are increasingly challenged to protect their networks from advanced targeted attacks, in fact, it is likely that most environments have already been breached with systems infected by malware. It’s important that IT professionals understand how attackers are trying to break through the network, and have confidence in their ability to mitigate attacks when every second matters.”

Proofpoint’s Mark Sparshott, EMEA director, added that:

“HP’s latest research shows that advanced and targeted email attacks such as phishing and longlining are omnipresent. Proofpoint see this in the field on a daily basis, our security audits show two things, these attacks are bypassing well known email filters that companies mistakenly believe provide protection against these new attacks, and that on average end users are clicking on the malicious URLs within 1 in 10 of these emails providing cybercriminals with an easy way to breach targets of choice as well as targets of opportunity.”

If you are a security professional working within a large organisation are your general experiences similar and do you have a particular issue with phishing? If so, how are you mitigating the risk?