Getting Out of the Phish Net: How to Make People Your Most Valuable Asset

Getting Out of the Phish Net: How to Make People Your Most Valuable Asset

At PhishCloud, we agree that people are important to help deter phishing. There are some of the reasons why we’ve got a new strategy.
In 2018 alone, 83% of people got phishing emails.

64 percent of companies witness phishing attacks

Why it’s hard to spot a fake
49 percent of hackers tend to target human nature, not technology.

The assaults on social engineering are on the rise—more than doubling between 2013 and 2018.

Why isn’t it enough to look for red flags?

384 billion emails are sent every day, with 85 percent spam

In 2018, 8 out of 10 people witnessed a phishing attack.

Many employees are left behind in the dark

2 out of 3 customers got phishing emails

1 in 3 has been compromised

The computer was infected with a virus or malware

Notified that their account has been compromised

The social media or email account had been compromised

The victims of Phishing have faced

Accounts compromised: 65%

Malware infections: 49%

Data loss: 24 percent

Businesses are losing about $2 million per event, but not all of it.

Decreased productivity: 67%

Loss of data: 54%

Reputation damage: 50%

1 in 3 customers quit using a company after a breach of security
101 Social Engineering

72% of workers say that shielding themselves from email threats has become more complicated since 2016.

Phishing Psychology | What are we going to fall for?

Toll Breach Notification | Why? Create a sense of urgency

Payment Invoice Needed | Why? Mimics practical, customised messages

Updated Plan for Building Evacuation | Why? Preys on anxiety with need-to-know details

But phishing attacks can also come undetected

Form-jacking

When website forms are hacked to obtain information from private users

Often used to steal credit card and payment information from the checkout tab.

Formjacking is a major concern to both companies and customers” Greg Clark, Chief Executive Officer of Symantec

Ransomware is

When hackers lock a computer and ask for ransom to unlock data

Large companies, government departments, law firms and banks are among the key targets | Why? Why? To ensure their secure information and access to large funds

77 per cent of active social engineering attacks start with phishing— How could you protect your business?

Cyber Protection That Works: Why You Need People, Not Just Technology

Annual training is not good enough

95 percent of infosec professionals train staff to detect phishing attacks

Despite annual preparation, 35% of workers do not know what “phishing” entails.

1 in 10 clicked a connection in a phishing email

Current Phishing Solutions Alone Are Not Scalable

Common Practice: Have workers send suspicious emails to IT

The Problem: Of all emails flagged by staff, only 15% are actually malicious—and many malicious emails slip through cracks.

People learn more by practising and strengthening

Over half of the infosecurity professionals agree that training has minimised phishing susceptibility

76% of competent phishing victims receive additional advice from the boss rather than harmful outcomes.

74% of hackers claim they’re seldom pleased by the security measures of the organisation]

People are the key to security

Training staff to detect phishing attacks

Offer them feedback about their effectiveness

Get everybody interested in protecting the business

In 2018, 93% of security breaches included phishing* scams.

The Internet is full of dark alleys—Teach your staff to shine a light in the dark.

Sources:

https://www.cisco.com/c/dam/m/digital/elq-cmcglobal/witb/1872724/ESG-Solution-Showcase-Cisco-Email-Oct-2018.pdf?oid=anrsc013962 1

https://cofense.com/wp-content/uploads/2017/11/Enterprise-Phishing-Resiliency-and-Defense-Report-2017.pdf

https://www2.deloitte.com/content/dam/Deloitte/uk/Documents/consumer-business/deloitte-uk-consumer-review-nov-2015.pdf

https://us.norton.com/internetsecurity-emerging-threats-what-is-formjacking.html

https://fortune.com/2017/04/27/facebook-google-rimasauskas/

https://www.paypal.com/us/brc/article/what-is-phishing-or-spoofing

https://info.wombatsecurity.com/hubfs/Wombat_Proofpoint_2019%20State%20of%20the%20Phish%20Report_Final.pdf

https://www.nuix.com/black-report/black-report-2018

https://www.symantec.com/security-center/threat-report 1

https://www.tripwire.com/state-of-security/security-awareness/6-common-phishing-attacks-and-how-to-protect-against-them/

https://www.infosecurity-magazine.com/news/mps-bombarded-spam-brexit-no-deal/

https://www.talosintelligence.com/reputation_center/email_rep

https://www.phishingbox.com/assets/files/images/Check-Point-Research-Information-Security-Report-2018.pdf

https://enterprise.verizon.com/resources/reports/2019-data-breach-investigations-report.pdf

https://us.norton.com/internetsecurity-malware-ransomware-5-dos-and-donts.html

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top