Europol Finds Majority of Attack Groups Rely on Spear Phishing as Primary Infection Vector

Angler_PhishingA new report from Europol’s European Cybercrime Center (EC3) breaks down how targeted phishing attacks are being done, and how to avoid becoming a victim.

It’s important for organizations to understand the tactics used by cybercriminals, so that proper defenses can be propped up. The more closely aligned your layered security strategy is to attack tactics, the more successful your strategy will be.

So, when a report like Europol’s Spear Phishing: A Law Enforcement and Cross-Industry Perspective breaks it down for you, it’s a good idea to take notice. Built upon insights from 70 global financial institutions, this report provides solid insight into how attacks are happening.

According to the report,

  • Spear-phishing is heavily used; in 65% of targeted attacks, spear-phishing is used as the primary attack tactic
  • In data breaches, phishing accounts for 32% of the attacks
  • Phishing is present in 78% of all cyber incidents

In short, phishing and spear-phishing are some of your worst enemies.

Given that half of all malicious email attachments are office files, according to Europol, it means – in general – users need to interact with these attachments for them to have any effect. So, it makes sense that one of the aspects of your security strategy needs to be user Security Awareness Training to educate users on how to identify suspicious email content and to avoid clicking on attachments. Additionally, phishing testing of your users helps provide a feedback loop for the training, helping you identify where your “user security,” as it were, is weakest.

Request Your Security Awareness Training Quote

products-KB4SAT6-2Old-school awareness training does not hack it anymore. Your email filters have a ~10% failure rate; you need a strong human firewall as your last line of defense. KnowBe4 is your platform for new-school security awareness training. We help you keep your users on their toes with security top of mind. You simply have got to start training and phishing your users ASAP. If you don't, the bad guys will. Find out how affordable this is for your organization and be pleasantly surprised.

Get A Quote Now

Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe To Our Blog

Weak Password Test Contest

Get the latest about social engineering

Subscribe to CyberheistNews