Again this last year phishing lead the charge in most data breaches. According to the latest phishme “2016 Enterprise Phishing Susceptibility and Resiliency Report” 91% of data breaches begin with spearphishing. This is supported by the 2016 Verizon Data Breach Report.
Both companies warn that phishing attacks are a significant threat, potentially the most significant.
Unfortunately there are not great technological solutions to prevent phishing. Spam tools or anti-virus may help, but phishers continually evolve their messages and approaches.
Training, in my opinion, is still the best way to prevent phishing or any type of social engineering. Through targeted training and testing, organizations have the ability to reduce a persistent threat