McAfee phishing study riles rival Imperva

Imperva begs to differ with report by McAfee suggesting phishing continues to rise and pose 'significant security risks'

A report released today by McAfee Labs, which suggests that 79 per cent of business users were unable to tell phishing emails from real ones, has been attacked by rival Imperva.

The McAfee Labs Threats Report, which surveyed 1,755 UK participants by sending them a quiz with 10 emails and asking them to distinguish between a phishing attempt and a real email, found that only 21 per cent were able to identify one or more of the seven phishing emails.

This week, many experts have said that the images in the celebrity photo leak were obtained through phishing emails, and security firm Symantec is now warning that criminals are sending emails to iCloud users pretending to be from Apple support.

According to McAfee, phishing is rising as a strategy used by cybercriminals looking to infiltrate enterprise networks or personal devices, with nearly one million new sites created in the past year.

"Phishing continues to pose significant security risks for businesses and consumers alike," said Raj Samani, chief technology officer EMEA at McAfee.

"More worryingly, perhaps, is the lack of education around how to spot a phishing email amid the many emails we're sent on a daily basis," he said.

However, Imperva chief technology officer Amichai Shulman hit back at the report, arguing that end users should not be blamed for falling for phishing scams and accusing McAfee of operating an "old-fashioned approach" to dealing with the security threat.

"It's time we stopped blaming people for falling prey to phishing attempts as represented by such quizzes," he said.

"It's one thing to expect an employee to refrain from opening an apparent executable file attached to a slurred, out-of-context email. It's totally unreasonable to expect normal human beings to inspect carefully an attached or downloaded file that visually looks like a PDF especially if the accompanying message is in context (eg an unpaid invoice or an unsolicited CV)."

Shulman added: "The data in the report clearly shows that infection of end-point machines is inevitable and that organisations must build a new line of defence closer to their data resources. It's also a wake-up call for application and service providers to take responsibility for account security and not leave it to end users."

The results of McAfee's report showed that HR and finance departments were the worst at detecting scams, while research and development departments were the strongest.

The report also showed a growth in malware, with more than 31 million samples recorded in the last quarter – the largest ever recorded in a single quarter.