The newly released single largest analysis of cyber attacks across all of 2023 show a strong tie between the use of phishing and techniques designed to gain credentialed access.
I’ve stood on the “phishing is a problem” soapbox for many years, attempting to focus the attention of cybersecurity teams on the single largest problem within the organization: the employees that fall for social engineering tactics time and time again.
Having just taken a look at a massive analysis of tens of billions of 2023 cybersecurity events in The 2024 Comcast Business Cybersecurity Threat Report, I feel a little redeemed.
According to the report, 2.6 billion phishing events were detected by Comcast Business last year. To put that big a number into perspective, that’s slightly less than 5000 phishing attacks detected every minute of last year.
But phishing attacks on organizations are only a means to an end – and, usually, that end is one of just a few outcomes: malware infection, some kind of socially-engineered recipient response, or attempted credential theft.
And Comcast makes it clear that credential access is “intricately tied” to phishing attacks with over 400 million instances of credential access techniques detected (that’s over a million each day) that include OS credential dumping, forced authentication, stolen or forged authentication certificates, and exploitation for credentialed access.
In other words, organizations need to be worried about stopping phishing attacks and keeping credentials secure – something that can be assisted through the use of new-school security awareness training designed to educate employees about both phishing and the need for vigilance when it comes to their credentials.
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
