While many of us tend to think of cyber criminals as mastermind hackers who perpetrate state-of-the-art attacks from behind the shadows of a hoodie, the truth is the majority are simple scam artists. They don't bother with coming up with sophisticated ways to break through complex security systems. Why bother going to all that trouble when you can simply trick an employee into giving up information or clicking a link?
To help you get a better sense of the danger phishing poses (and to help you explain the risk of phishing to your boss and your users), we've collected seven telling statistics.
Once you're done reading these, be sure to check out our latest eBook, The Phishing Field Guide: How to Keep Your Users Off the Hook. It's full of actionable advice you can use to improve your organization's security posture and keep your employees safe.
Wombat 2016 State of the Phish
According to Wombat Security’s 2016 State of the Phish report, not only are more organizations falling victim to phishing attacks, the number and sophistication level of the attacks they’re experiencing has gone up. Two-thirds of the organizations they studied reported experiencing attacks that were targeted and personalized (spear phishing attacks), up 22 percent from the year before. (Wombat Security)
The sad thing is most marketers would kill for that open rate. The sadder thing is it explains why phishing continues to be so popular among attackers. It's a delivery tactic that works. Help your users avoid becoming phishing victims with these five tips. (Verizon 2016 DBIR)
Considering the success rate of phishing, perhaps it's no surprise malicious email attachments and links are two of the top three malware delivery mechanisms of choice for attackers. That makes email filtering and user education both smart security investments. (Verizon 2016 DBIR)
APWG Phishing Activity Trends Report
While it’s common to see a brief spike in phishing incidents around the holidays, researchers at the Anti-Phishing Working Group (APWG) were surprised to see this year’s spike grow into a sustained surge. The group observed more phishing attacks in Q1 2016 than in any other three-month span since it began tracking data in 2004. (SC Magazine)
PhishMe Q1 2016 Malware Review
Anti-phishing vendor PhishMe reported a dramatic increase in the number of phishing emails deploying ransomware payloads over the course of Q1 2016. During March, 93% of the phishing emails they collected intended to infect victims with ransomware. (PhishMe)
Not only is spear phishing increasingly common, attacks are also proving to be incredibly costly. According to a recent Cloudmark survey, companies hit by a successful spear phishing attack in the past 12 months suffered an average financial cost of $1.6 million. (Cloudmark)
Over a third of the respondents to a recent survey by AlienVault reported their executives have fallen victim to a CEO fraud email, and over 80 percent believed their executives could fall for targeted phishing scams in the future. Those concerns are well-founded. More than 50 organizations, including Snapchat and Care.com, were successfully targeted by CEO fraud emails asking for W-2 information this past tax season alone. (AlienVault)
Sometimes the best way to stop phishers is to learn how to think like one. Download our Phishing Field Guide: How to Keep Your Users Off the Hook to find out who in your organization is most at-risk for getting phished and what you can do to stop them from taking the bait.
Jonathan covers the latest threats and cybersecurity trends from a practical point of view.
How to recognize, stop, and avoid phishing attacks.
