Spear phishing is on the rise in both frequency and effectiveness, making it an even greater threat to organizations that let their defenses down – even a little.
According to the report:
- 51% of organizations have seen spear phishing increase in the last 12 months, with 45% experiencing the same amount, and only 4% saying it has decreased!
- 65% of organizations have experienced spear phishing attacks in the last 12 months
- 57% of organizations experience spear phishing weekly or daily
I’ve already covered how this deadly combination of BEC and spear phishing also includes the use of detailed impersonation efforts to keep the victim recipient’s defenses down.
When you add it all up, it’s evident that cybercriminals are working harder than ever to tailor campaigns down to the specific user. With the rise in “Cybercrime-as-a-Service” offerings, I suspect we'll soon see the days of generic phishing emails go by the wayside, in favor of custom attacks where the threat actor chooses a company, the service figures out who to target, a tailored spear phishing email is crafted, and the attack is executed.
Scary stuff, I know.
Because many of these attacks center on BEC – which tends to end in fraud via some kind of financial transaction – it’s critical that any employee with the ability to carry out any kind of financial transaction undergo continual Security Awareness Training where they learn how cybercriminals target them, the impersonation tactics used, what kinds of malicious actions the attackers are driving towards, and how to spot these attacks before they take hold.