Despite Feeling Prepared for Image-Based Attacks, Most Organizations Have Been Compromised by Them

Stu Sjouwerman | Mar 14, 2024

With QR-code phishing attacks on the rise, new data sheds light on just how unprepared organizations actually are to stop and detect these device-shifting attacks.

One of the challenges with attacks is that we rely on security solutions to look for indicators of malicious intent. Content within an email, where a link points to, and the insides of an attachment can indicate potential foul play.

But when it’s a malicious QR-code being sent to someone, there are two aspects of this kind of attack that throw off an organization’s ability to detect malicious intent. First, email scanners don’t (currently) have the ability to follow a QR-code and see where it goes, and second, a QR-code changes devices mid-attack, making it impossible for security solutions to stay in control of the situation.

So, do organizations really have an ability to stop such attacks? According to a new Osterman Research report, Fortifying the Organization Against Image-Based and QR Code Attacks, the answer is a resounding no.

According to the report, 70% of organizations believe they’re ready to detect and stop QR-code attacks, and yet only 5.5% were able to detect and block every image-based and QR-code phishing attack from reaching the inbox over the past 12 months. 

So nearly three-quarters are “ready” and 94.5% weren’t. The math doesn’t add up.

To combat this, the report points out that 80% of organizations are training users to spot such attacks to help minimize the likelihood they’ll engage with the QR-code. Here at KnowBe4, we know that not all security awareness training is created equal.

It’s one thing to implement “training” as a quarterly breakroom session for 30 minutes. It’s an entirely different thing to implement continual new-school security awareness training that includes phishing testing to ensure users are improving their sense of vigilance and reducing the potential risk they pose to the organization with the opening of each email.

QR-code phishing will only exist for as long as victims keep engaging with the codes. Teach your users not to, and the organization’s security will thank you.
