For All Organisations, The First Step To Falling For A Cyber-Attack Is Believing That They Won't Be Attacked.
However, as revealed in Proofpoint’s 2022 State of Phish report, an alarming 83% of organisations encountered a successful email-based phishing attack in 2021, in which a user was tricked into a risky action such as clicking a bad link, downloading malware, providing credentials, or executing a wire transfer. This is a staggering 46% increase over 2020.
In addition, up to 78% of organisations experienced email-based ransomware attacks in 2021, and 77% faced business email compromise (BEC) attacks, which is an 18% year-on-year increase for BEC attacks from 2020.
Phishing attacks also increased in 2020, when the loss attributed to phishing was USD 1.8 billion. Additionally, phishing attacks contributed to a significant 22% of data breaches in 2020.
Prevention Starts With Educating Your Employees About Some Of The Most Common Types Of Cyber-Attacks, Such As Spear Phishing And How They Can Be Countered.
Phishing as a whole is like casting a wide net over a large area of water and hoping to catch as many fish as possible, while spear phishing, as the name suggests, is aimed at specific victims and individuals.
Spear Phishing Attacks Are So Successful Because They Are Extremely Believable.
According to the Symantec Internet Security Threat Report (ISTR) for 2019, up to 65% of attacker groups used spear phishing as the primary infection vector. Based on data from the email security firm IronScales, 77% of attacks are laser-focused, targeting ten accounts or fewer, with a third of attacks targeting only one account. Attackers are spending more time and effort gathering information about the target company through reconnaissance, which is then used to craft highly targeted and tailored phishing emails.
Spear phishing attacks differ from other phishing attacks in that they target a specific victim to extract information. The messages are tailored to the victim, which increases the chances of fooling the recipient. As reported by FireEye, individuals opened 3% of their spam and 70% of the spear-phishing attempts. Of those, 50% clicked on the links in the opened spear-phishing emails, compared to 5% for mass mailings. Also, in a spear phishing campaign of 10 emails, there is a 90% chance of capturing its target.
The First Step To Prevent Spear Phishing Is To Minimise The Exchange Of Confidential Information Via Email And To Avoid Posting Too Much Personal Information Online.
While many organisations focus on protecting the machines that staff use, including having anti-phishing software to detect and flag incoming attacks, the human element is the weakest link in an organisation’s cyber defence. Employee security awareness training also needs to be prioritised, as up to 97% of users are unable to recognise a sophisticated phishing email.
By conducting security awareness training and phishing simulations, organisations can educate their teams to detect cyber threats and prevent cyber attacks; 84% of US-based organisations state that security awareness training has lowered phishing failure rates.