Nearly half of workers have clicked on a phishing email

(Image credit: Shutterstock)

New research from the business app and discovery platform GetApp has revealed that almost a quarter of businesses have fallen victim to a phishing attack.

The firm surveyed 714 people working in businesses across the US to discover that many organizations are not taking the proper measures to protect themselves from phishing attacks including employee training and the implementation of two-factor authentication.

Of those surveyed, only 64 percent said they currently use a two-factor authentication system to help protect their organization's data. This means that over one third of organizations are potentially leaving themselves exposed to phishing attacks.

Office 365 phishing attacks targets admin accounts
Hackers spoofing US postal service to trap victims
People are still the biggest security threat

Some phishing schemes, such as spear phishing, target specific members of staff within an organization and this is typically accomplished through social engineering.

GetApp's research found that nearly half (43%) of employees say that someone in their organization has clicked on a phishing email and this shows that there is a need for more training to help raise awareness about potential attacks.

The survey also found that only 27 percent of organizations provide social engineering awareness for their employees and that only three-in-ten businesses conduct regular phishing tests to gauge their employees' vulnerability and susceptibility to phishing scams.

Senior content analyst at GetApp, Zach Capers provided further insight on the firm's research into phishing scams, saying:

“Our survey shows that a surprisingly large number of businesses have been fooled by phishing scams. With technology advancing and tactics evolving, the need to remain vigilant against cyber attacks is more important than ever. The most worrying part of this is how many employees have clicked phishing emails compared to how few companies are actively working to train their employees to recognize them. Spear phishing is an effective and inconspicuous way of infiltrating a business. It’s vital that employees are taught to recognize it.”

Keep your devices protected with the best antivirus software

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.