At PhishCloud, we agree that people are important to help deter phishing. There are some of the reasons why we’ve got a new strategy.
In 2018 alone, 83% of people got phishing emails.
64 percent of companies witness phishing attacks
Why it’s hard to spot a fake
49 percent of hackers tend to target human nature, not technology.
The assaults on social engineering are on the rise—more than doubling between 2013 and 2018.
Why isn’t it enough to look for red flags?
384 billion emails are sent every day, with 85 percent spam
In 2018, 8 out of 10 people witnessed a phishing attack.
Many employees are left behind in the dark
2 out of 3 customers got phishing emails
1 in 3 has been compromised
The computer was infected with a virus or malware
Notified that their account has been compromised
The social media or email account had been compromised
The victims of Phishing have faced
Accounts compromised: 65%
Malware infections: 49%
Data loss: 24 percent
Businesses are losing about $2 million per event, but not all of it.
Decreased productivity: 67%
Loss of data: 54%
Reputation damage: 50%
1 in 3 customers quit using a company after a breach of security
101 Social Engineering
72% of workers say that shielding themselves from email threats has become more complicated since 2016.
Phishing Psychology | What are we going to fall for?
Toll Breach Notification | Why? Create a sense of urgency
Payment Invoice Needed | Why? Mimics practical, customised messages
Updated Plan for Building Evacuation | Why? Preys on anxiety with need-to-know details
But phishing attacks can also come undetected
Form-jacking
When website forms are hacked to obtain information from private users
Often used to steal credit card and payment information from the checkout tab.
Formjacking is a major concern to both companies and customers” Greg Clark, Chief Executive Officer of Symantec
Ransomware is
When hackers lock a computer and ask for ransom to unlock data
Large companies, government departments, law firms and banks are among the key targets | Why? Why? To ensure their secure information and access to large funds
77 per cent of active social engineering attacks start with phishing— How could you protect your business?
Cyber Protection That Works: Why You Need People, Not Just Technology
Annual training is not good enough
95 percent of infosec professionals train staff to detect phishing attacks
Despite annual preparation, 35% of workers do not know what “phishing” entails.
1 in 10 clicked a connection in a phishing email
Current Phishing Solutions Alone Are Not Scalable
Common Practice: Have workers send suspicious emails to IT
The Problem: Of all emails flagged by staff, only 15% are actually malicious—and many malicious emails slip through cracks.
People learn more by practising and strengthening
Over half of the infosecurity professionals agree that training has minimised phishing susceptibility
76% of competent phishing victims receive additional advice from the boss rather than harmful outcomes.
74% of hackers claim they’re seldom pleased by the security measures of the organisation]
People are the key to security
Training staff to detect phishing attacks
Offer them feedback about their effectiveness
Get everybody interested in protecting the business
In 2018, 93% of security breaches included phishing* scams.
The Internet is full of dark alleys—Teach your staff to shine a light in the dark.
Sources:
https://us.norton.com/internetsecurity-emerging-threats-what-is-formjacking.html
https://fortune.com/2017/04/27/facebook-google-rimasauskas/
https://www.paypal.com/us/brc/article/what-is-phishing-or-spoofing
https://www.nuix.com/black-report/black-report-2018
https://www.symantec.com/security-center/threat-report 1
https://www.infosecurity-magazine.com/news/mps-bombarded-spam-brexit-no-deal/
https://www.talosintelligence.com/reputation_center/email_rep
https://enterprise.verizon.com/resources/reports/2019-data-breach-investigations-report.pdf
https://us.norton.com/internetsecurity-malware-ransomware-5-dos-and-donts.html