Security teams are sounding the alarm: 64% of enterprises faced off-channel attacks in the past year, but most still train only for email-based attacks.

NEW YORK, NY, UNITED STATES, September 4, 2025 /EINPresswire.com/ -- As social engineering attacks evolve to exploit encrypted messaging, SMS, collaboration tools, and voice calls, enterprises remain stuck preparing users only for email threats, according to new data from Dune Security. This mismatch leaves organizations vulnerable, even as high-profile breaches highlight the risks.

Drawing from Dune Security’s 2025 Insider Threat Intelligence Report, including survey data from leading enterprise CISOs (Chief Information Security Officers) and behavioral telemetry from its simulation engines, concern outpaces action across vectors. For instance, 71% of CISOs worry about SMS phishing (smishing), yet only 27% simulate it; 59% fear voice phishing (vishing), but just 15% test it. Testing for collaboration tools and encrypted messaging? It plummets to single digits or zero, despite 38% concern for attacks coming from these channels.