Dive Brief:
- Phishing attacks increased by 65% in the last year, costing mid-sized companies about $1.6 million each, according to a PhishMe report. The findings were based on 52 million phishing simulations from January 2015 to July 2017 and actual attacks from January 2017 to August 2017.
- Of the different types of email phishing schemes, e-cards, rewards/incentives and reviews are among the most effective. But payment notifications from healthcare providers, insurance contracts and new financial faxes/charges are the highest "active risks" in their respective industries.
- However, when employees began reporting suspicious activity, the number of phishing attempts decreased. The "see something, say something" approach by employees increased from 16.2% in 2016 to 20.7% in 2017.
Dive Insight:
Phishing schemes are typically successful because the hackers behind them prey on untrained individuals. Email remains the predominant mode of company communication with nearly three-quarters of CIOs also preferring it.
Hackers target popular services in the enterprise like Google accounts. Phishing attacks, keyloggers and third-party breaches are the top three threats for those using Google accounts. About 80% of "blackhat phishing tools" were used in an attempt to access an IP address.
In response to the risk some Gmail users face, Google began its "Advanced Protection Program" which features automatic defense updates after enrollment.
Companies spend about $74 billion on security solutions every year and yet hackers are able to exploit vulnerabilities through phishing, stolen credentials and even stolen devices. The solution for companies is to educate their workforce with defenses against "simple deception."
Safeguards that can be implemented in addition to sufficient training include AI and ML capabilities that reduce the risk of human error. But ultimately, if an entire infrastructure can be thwarted by a phishing scheme, there are further weaknesses that need addressing.