The cybersecurity firm Proofpoint shared its 2020 State of the Phish report, which showed that 65% of American organizations (55% worldwide) experienced at least one successful phishing attack last year 2019.
The report was taken from information that Proofpoint gathered from a third-party study participated by 3,500 employed people in the United Kingdom, America, France, Germany, Australia Japan, Spain and also a survey joined by 600 IT security experts in those countries. Information was furthermore acquired from reports of clients who got 9 million suspicious email messages and around 50 million simulated phishing emails this past year.
Infosec specialists think that the number of phishing attacks stayed the same or declined in 2019. This supports what lots of cybersecurity businesses have discovered: Phishing tactics are better. Cybercriminals are now focusing on quality as opposed to quantity.
Ordinary phishing probably has become less usual, nevertheless, spear-phishing attacks are much more widespread. 88% of organizations reported they experienced spear-phishing attacks in 2019 and 86% stated they came across business email compromise (BEC) attacks.
Phishing attacks are generally performed by means of email, but phishing by means of SMS messages (Smishing), social media platforms, and voice phishing by mobile phone (vishing) are all common. 86% of study respondents noted they experienced a social media phishing attack this past year, 84% had a smishing attack, and 83% experienced a voice phishing attack.
Proofpoint’s report reveals ransomware attacks diminished from 2017, nevertheless IT specialists said ransomware infections went up via phishing emails. This is as a result of the growing popularity of ransomware-as-a-service, that permits folks devoid of the skills to produce their own ransomware variants to carry out attacks making use of ransomware made by others.
Once the ransomware attack is encountered, giving the ransom demand will never assure the retrieval of encrypted information. Only 69% of firms that gave the ransom got data access following the first payment. 7% were provided with more demands which they denied to pay, causing information loss. 2% paid those additional demands and got back their files, and 22% claimed they were not able to get back the encrypted information.
Layered defenses are crucial for dealing with the danger from malware, ransomware and phishing, nevertheless, Proofpoint explains that technical security could only go this far. What is furthermore essential is repeated training on security awareness for the labor force.
Proofpoint advises having a people-centric tactic to cybersecurity by combining company-wide awareness training aims and targeted threat-driven instruction. The target is to enable users to determine and report attacks.
95% of surveyed institutions claimed they offer security awareness training to the labor force and 94% of the organizations that indeed, really give training more often than yearly. The statistics are great, yet there is still a big room for growth. Only 60% of firms that give training do so by way of formal cybersecurity training and 30% claimed they only give training to a percentage of their user base.
Training certainly appears to be having a positive effect, as reporting phishing emails had a 67% increase in 2019 compared to 2018, so employees are taking training onboard, are getting better at identifying threats, and are taking the right action of reporting suspicious emails to their security teams.