The latest cyber attack trend data in the U.K. shows the majority of data breaches in 2019 began with a phishing attack. Security consulting firm CybSafe analyzed three years of the U.K.’s Information Commissioner’s Office (ICO) cyber breach data from 2017 – 2019. The data was release just last week. Out of nearly 2400 reported data breaches, over 1000 – 45.5 percent – of attacks were initiated by a phishing attack.
According to the report, phishing dominated over unauthorized access, ransomware, malware, and misconfigurations. This preponderance of phishing being the initial attack vector is consistent with the ICO’s 2018 data as well, indicating that cybercriminals are seeing phishing as a staple tactic that simply works.
It’s good to see data that confirms what we already know – phishing is your organization’s biggest problem. By hearing this fact repeatedly, organizations can begin to craft preventative security measures that will actually have an impact.
With most organizations already putting security solutions in place to detect malicious email and web content, it’s important to empower your last line of defense – your users. By putting them through continual Security Awareness Training, users become a part of the organization’s security strategy. Phishing emails no longer would get the innocent interaction they require by users; instead, users have a changed mindset that causes them to be suspicious of even the smallest out of place detail. The end result is phishing becomes ineffective as an attack vector.
Phishing isn’t going anywhere. It’s time to alter your security strategy to ensure phishing is a fruitless tactic against your organization.