What’s Worse Than a Phishing Attack? How About a Slow Response!
Quick Answer
Slow response to phishing is often more damaging than the initial attack. A 2020 survey of 300+ security decision-makers at large US firms found 47% spent 6 to 10 minutes or more researching a single suspicious URL, 40% still relied on manual inspection, only 19% used fully automated real-time URL analysis, and only 1 in 8 had real-time threat intelligence operationalized to block live web threats. The problem: attackers can stand up and tear down a phishing site in under 10 minutes, so manual investigation is structurally too slow. Fix it with real-time link click protection that rewrites URLs at delivery and re-checks them at click time, automated mail flow rules that quarantine suspicious mail in seconds, and one-click user reporting tied directly to a security workflow.
You can take every precaution imaginable and still have your company get hit with a successful phishing attack. Why is that? Because hackers are just that good and employees are, well, just that human.
While you can be forgiven for being hit by a phishing attack, especially if you’ve taken reasonable precautions, there’s really no excuse for a slow response. According to an article on Security Boulevard, “researching URLs in suspected phishing incidents has become a costly and time-intensive process, according to a new survey of 300-plus security decision-makers at large U.S. firms. Nearly half of all survey respondents (47%) reported URL research times of six to ten minutes or more per incident.”
In the world of phishing attacks, ten minutes is an eternity, given that hackers can set up and take down a phishing website in less than that time. What’s even more remarkable is that “40% still use manual inspection and research to determine if a suspicious URL is malicious. This approach is costly and dangerous for large organizations that are facing a chronic shortage of trained cybersecurity staff.”
Business man with internet network security technology computer online system and spreading to global stolen personal data on computer with virtual screen interfaces.Cyber security concept. Given the availability and affordability of real-time link scanning technology, it’s surprising that “only 19% of survey respondents reported their URL research as being a fully automated, real-time process. And only one in eight organizations reported real-time operationalization of threat intelligence feeds to block live web threats.”
Phishing attacks are a real-time security threat which must be met with real-time defense. Cloud-based phishing protection like that available from DuoCircle.com is available for just pennies per month per employee. It requires no upfront investment, sets up in 10 minutes and works with every email service provider.
There’s simply no excuse for a slow or manual response to a phishing attack today. Get zero-hour malware and ransomware protection from DuoCircle.com. Try it free for 30 days.
General Manager
General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.
Secure your email infrastructure
Protect, authenticate, and deliver. Contact our team to find the right solution.