Spear phishing is the preferred attack method for advanced threat actors. Well-crafted spear phishing attacks easily slip past layers of defenses and target the only vulnerability that cannot be patched -- people. The vast majority of headline data breaches in recent years have all begun with spear phishing attacks. If your organization has intellectual property, customer data, or critical systems that are valuable, your employees are being targeted with spear phishing emails.
Employees are not just being targeted, they're also being exploited at an alarming rate. Spear phishing emails are exceedingly effective. On average, employees open links or attachments in one out of every five spear phishing emails. This means that a well-crafted spear phishing campaign targeting at least five employees will almost always result in a compromised user.