Interesting question. How could one get a data set to determine what "most" constitutes? Spear-phishing, by its nature, is hard for third parties to observe...
Isn't it true, that most large, APT-type attacks, involved spear phishing? I've made this list of spear-phishing attacks (http://spearphishing.blogspot.com), and realized that Stuxnet is the only such attack where spear-phishing did not play key role, that comes to my mind. But surely there were more?
My point is that it is hard to get spear phishing data so it is hard to assess the ratio of attacks.
I think it is interesting, but I worry about whether we're seeing a representative sample of attacks. I would like to think our obvious conclusion is correct but the scientist in me worries about whether I've seen a representative sample.
Add a comment...