Enterprise security pros spend too long researching suspicious URLs
Phishing threats tend to be fast moving, so the ability to block them quickly is essential for protection.
But a new survey finds that even large companies with multi-layer security controls and multiple threat feeds lack adequate safeguards to protect their employees from phishing attacks that employ links to malicious sites.
The study from SlashNext reveals that 56 percent of respondents correctly note that phishing URLs typically remain active for a very short time, under an hour to just several hours. This underlines the need for both proactive and real-time threat detection as well as fast deployment of threat intelligence to block active web threats.
Nearly half of respondents (47 percent) report URL research times of six to 10 minutes or more per incident, while 24 percent said it averaged just three to five minutes. Only 19 percent report URL research being a fully-automated, real-time process.
In addition, only 12 percent of respondents have real-time operationalization of threat feeds for blocking, while 19 percent report that it takes between five and 30 minutes and another 20 percent claim 30-60 minutes. Nearly half (49 percent) report operationalization times of more than an hour. When it comes to block list update frequency, only 23 percent report continuous or real-time updates. A quarter (25 percent) report update frequency intervals of five minutes to an hour, while over half (53 percent) have update intervals longer than an hour.
The top barriers to faster block list updates include process/policy limitations for implementation, systems limitations for ingestion, and systems limitations for implementation. Close behind these are budget/resource constraints and cross-functional and internal political challenges.
"It has become a race against time to implement timely threat intelligence quickly enough to protect employees from fast-moving phishing threats," says Atif Mushtaq, CEO of SlashNext. "Only 13 percent of respondents reported real-time operationalization of threat feeds for blocking, so most organizations are exposed and need real-time phishing threat intelligence and greater automation to close the gaps in their phishing defenses."
Among other findings are the phishing sites that are ranked most dangerous. Credential stealing sites -- fake login pages -- are top here, followed by malware sites hosting rogue browser extensions and apps at 17 percent. But other types of phishing sites also rank high, with scareware and sites hosting weaponized docs coming in at 16 percent.
You can find out more on the SlashNext blog.