India receives the highest number of suspicious emails per day and 53 per cent of Indian firms were victims of spear-phishing last year. One Indian firm receives five highly-personalised spear-phishing emails per day and users at companies with more than a 50 per cent remote workforce are witnessing higher levels of suspicious emails, says a new report.


Spear-phishing attacks comprise only 0.1 per cent of all e-mail-based attacks, but they are responsible for 66 per cent of all breaches. According to the 2023 Spear-Phishing Tends Report, on average 24 per cent had at least one email account compromised through account takeover. 


On average, 24 per cent of Indian organisations had at least one email account compromised through account takeover, according to a new report by IT security firm Barracuda Networks. On average, organisations take nearly 100 hours to identify, respond to and remediate a post-delivery email threat.


Spear phishing is a highly-personalised form of email attack. Spear-phishing emails essentially work by trying to steal sensitive information, such as login credentials or financial information, which is then used to commit fraud, identity theft, and other crimes.


Meanwhile, Indian organisations take 67 hours to detect the attack and 53 hours to respond and remediate after the attack is detected.


"Even though spear phishing is low volume, with its targeted and social engineering tactics, the technique leads to a disproportionate number of successful breaches, and the impact of just one successful attack can be devastating," Fleming Shi, CTO, Barracuda, said in a statement.


About 63 per cent of Indian respondents that experienced a spear-phishing attack reported machines infected with malware or viruses, 61 per cent reported having stolen login credentials or account takeover and 56 per cent reported having sensitive data stolen, the report noted.


Spear-phishing attacks make up only 0.1 per cent of all email based attacks, according to Barracuda data, but they are responsible for 66 per cent of all breaches, the findings showed.


"Users at companies with more than a 50 per cent remote workforce report higher levels of suspicious emails -- 12 per day on average, compared to 9 per day for those with less than a 50 per cent remote workforce," the findings showed.


Overall, the research revealed that cybercriminals continue to barrage organisations with targeted email attacks, and many companies are struggling to keep up. While spear-phishing attacks are low-volume, they are widespread and highly successful compared to other types of email attacks.


"To help stay ahead of these highly effective attacks, businesses must invest in account takeover protection solutions with artificial intelligence capabilities," added Fleming.