A recent survey of more than 200 security leaders at U.S. organizations found that 60 percent of respondents said their organizations were or may have been victims of at least one targeted social engineering attack in the past year.
Sixty-five percent of those attacked said employees' login credentials were compromised as a result of the attacks, and 17 percent said financial accounts were breached as a result.
The survey, conducted by the Information Security Media Group (ISMG) on behalf of Agari, also found that 89 percent of respondents have seen either a steady pace or an increase in spear phishing and other targeted email attacks in the past year -- and 69 percent of those attacks target user credentials.
And while more than a fifth of respondents have no confidence in their business partners' ability to defend against social engineering attacks that could compromise their organizations, 50 percent have no programs in place to audit and encourage partners to authenticate emails sent to their organizations.
"Email-based attacks using social engineering are enabling cybercriminals to steal corporate secrets, carry out politically motivated attacks and steal massive amounts of money," Agari chief scientist Markus Jakobsson said in a statement.
"We expect to see a catastrophic growth of these types of attacks in the future, fueled by both their profitability and the poor extent to which businesses are protecting themselves, unless these organizations begin taking the necessary technology-based countermeasures to prevent these attacks," Jakobsson added.
Separately, a recent Gemalto survey of 1,150 IT decision makers worldwide found that 90 percent of respondents are concerned about employees in their organization reusing personal credentials for work purposes.
Ninety-four percent of respondents protect at least one application with two-factor authentication, and 96 percent expect their organization to expand its use of two-factor authentication in the future.
In response to recent breaches of consumer services, 49 percent of respondents said their staff is now trained on security and access management, and 47 percent have increased spending on access management.
Still, 47 percent of respondents believe their organization's level of employee authentication is weaker than those used by consumer websites such as Facebook and Amazon.
A recent eSecurity Planet article offered advice on how to get identity authentication right.
Photo courtesy of Shutterstock.