A new report from Europol’s European Cybercrime Center (EC3) breaks down how targeted phishing attacks are being done, and how to avoid becoming a victim.
It’s important for organizations to understand the tactics used by cybercriminals, so that proper defenses can be propped up. The more closely aligned your layered security strategy is to attack tactics, the more successful your strategy will be.
So, when a report like Europol’s Spear Phishing: A Law Enforcement and Cross-Industry Perspective breaks it down for you, it’s a good idea to take notice. Built upon insights from 70 global financial institutions, this report provides solid insight into how attacks are happening.
According to the report,
- Spear-phishing is heavily used; in 65% of targeted attacks, spear-phishing is used as the primary attack tactic
- In data breaches, phishing accounts for 32% of the attacks
- Phishing is present in 78% of all cyber incidents
In short, phishing and spear-phishing are some of your worst enemies.
Given that half of all malicious email attachments are office files, according to Europol, it means – in general – users need to interact with these attachments for them to have any effect. So, it makes sense that one of the aspects of your security strategy needs to be user Security Awareness Training to educate users on how to identify suspicious email content and to avoid clicking on attachments. Additionally, phishing testing of your users helps provide a feedback loop for the training, helping you identify where your “user security,” as it were, is weakest.
New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your quote for KnowBe4's security awareness training and simulated phishing platform and find out how affordable this is!
