In 2021, approximately 83% of all organisations reported to have experienced phishing attacks and, in this year of 2022, 6 billion more attacks are impending.
Phishing is the technique where a malicious actor lures a victim into revealing sensitive information. This can be through large “spray-and-pray” type campaigns involving multiple recipients or, a more targeted approach crafting attacks for specific individuals, known as Spear Phishing. Phishing has been around since the early days of the Internet as one of the oldest vectors of attack.
Some Key Facts About Phishing:
- 15 billion spam/junk emails are sent every single day
- 214,345 phishing websites were recognised in 2021, which is 2x more than 2020.
- In organisations, around 30% of all phishing emails were opened
Security awareness is a crucial way to address this issue. This is nothing new, but as an industry we’re still not doing enough to help educate our colleagues, families, and friends. An organisation could confidently say they have met peak maturity when every employee is performing the duties of a security guard to identify when something isn’t right and report it. Achieving this is a journey that requires constant training and awareness.
Here Are Top 5 Phishing Quick Tips:
- NEVER click on something you’re unsure of or not expecting.
- NEVER submit credentials by following a link. Always go directly to the site.
- If you have mistakenly submitted credentials or clicked on something that isn’t right, RESET your password and REPORT it. (If you’re reusing passwords, reset it for all accounts and logins where it is used)
- Use MFA. There’s no excuse to not be using it in 2019.
- Lastly, if you’re unsure or ever in doubt, send it to your cyber security team. Everyone should know how to do this (for example: firstname.lastname@example.org or email@example.com)
At Privasec, we can conduct phishing simulations to help assess your current exposure level and provide security awareness training for your employees. We can even conduct complete red team engagements to identify vulnerabilities so you can remediate and work towards securing your assets.