What do you consider to typically be the root cause of a phishing incident?

User error (lack of security awareness training): 34%

Ineffective security controls: 63%

Something else (please explain in the comments): 2%

114 PARTICIPANTS
1.7k views, 1 Comment
Senior Information Security Manager in Software, 2 years ago

Root cause would be different for each incident.

But as of late, the root cause is often emails that are well crafted to fool most users.

Additionally, effective awareness training is often lacking such that people don’t know to be aware of these attacks.

Roger Grimes has a new book out ‘Fighting Phishing: Everything You Can Do to Fight Social Engineering and Phishing’ - https://amzn.to/3uBbEd2

It details the many things firms need to do in order to fight phishing.
