The latest State of the Phish report from Proofpoint highlights the effectiveness of phishing, making it the threat vector to focus on as you begin 2019.
It’s one thing to see specific threat vectors grow a bit over the course of quarters. When that happens, we all, generally, brush it off as a slight shift in tactics on the part of cybercriminals. But when you hear about material increases in the number of attacks, it’s time to stop what you’re doing and take notice.
Proofpoint’s 2019 State of the Phish report shows that organizations are feeling the heat of phishing like never before – and feeling its’ impact as well. According to the report, all types of phishing attacks in 2018 occurred more frequently than in 2017:
- 96% of organizations said the rate of phishing attacks either increased or stayed consistent throughout the year
- IT professionals experiencing spear phishing jumped nearly 21%
- USB-based Social Engineering attacks experienced jumped 25%
- Vishing (voice phishing) and smishing (SMS-based phishing) increased by 9%
And, according to the report, phishing was far more than a nuisance in 2018, putting organizations significantly at risk in a number of ways:
- Phishing attacks involving compromised accounts rose 71%
- Phishing attacked involving loss of data rose nearly 85%
The challenge with phishing is that cybercriminals are leveraging social engineering skills and contextual details to fool their victims into participating in the scam. The most effective way to stop phishing attacks from being successful is to take advantage of Security Awareness Training, which educates users on phishing tactics, the use of malware, spoofed email addresses, malicious links, spoofed web pages, and more as tools to make the phish more believable. By knowing what to look for, users are less likely to fall for such attacks, reducing the attack surface and organizational risk.