Proofpoint released its eighth annual State of the Phish Report, which provides an in-depth look at user phishing awareness, vulnerability, and resilience. The report reveals hackers were more active in 2021 than in 2020, with findings uncovering an 18% increase from last year’s number of business email compromise (BEC) attacks, as well as a significant rise globally to 78%, with attackers specifically targeting people rather than systems through technical vulnerabilities. Additionally, three-quarters saw malware delivered via email during this period.
The report assesses the current state of information security and the ways it has changed over time. It also looks at findings from surveys sent out to 600 professionals in this field, plus data collected on more than 15 million emails reported through Phish Alarm, an easy-to-use notification feature that helps users combat phishing attacks as they happen within their company’s network.
The reality is that attacks in 2021 had a much wider impact than in 2020. The report reveals that 83% of survey respondents stated their organization experienced at least one successful email-based phishing attack. In line with this, widespread success rates rose dramatically as well. More than two-thirds (68%) reported dealing with ransomware infections stemming from direct payloads or second-stage malware deliveries. This trend shows no signs so far though; while there was an increase compared to a side note.
The report also provides guidance and best practices on how to defend against phishing threats. It suggests a framework of user education, technology implementation, and policy enforcement as the three pillars of an effective security strategy. Furthermore, it stresses that organizations should pay extra attention to mobile device users, as they are particularly vulnerable due to their frequent absence from the corporate network. Finally, it recommends keeping abreast of the ever-changing threat landscape by continually monitoring the attack surface for malicious email activity.
The global findings of the State of the Phish report include:
- The report found that many workers are not following cybersecurity best practices, which puts them at risk for ransomware infections. Almost 60% of people who experienced this type of attack paid the fee as soon as possible or were ordered to pay more money before regaining access.
- The risks associated with poor cybersecurity practices are clear, as 42% of workers said they took a dangerous action (clicked on malicious links or downloaded malware) in 2021. Also, 56% allowed friends and family members to use their employer-issued device for things like playing games, streaming media, browsing, online shopping, etc.
- In a recent survey, only 53% of respondents were able to correctly identify the definition of “phishing” when given multiple options. This is down from last year’s 63%. Only 23% recognized malware as opposed to 65%, while ransomware saw an increase globally with 36% recognition in 2021 over 2020.
- Proofpoint customers are taking precautions to protect themselves from phishing scams, even in an active threat climate. Data shows that the average failure rate of these attacks held steady at 11%, with 50% more testing over 12 months.
By recognizing the state of the phish in 2021 and understanding how to protect against phishing attacks, organizations can be more prepared for potential threats. Organizations should implement a comprehensive security strategy with user education and technology solutions at its core. They should also monitor their attack surface continuously to stay ahead of any malicious email activity. Only then will they be able to maintain their cyber resilience in the face of constantly evolving threats.
The State of the Phish report shows that while hackers are continuing to become more active and sophisticated, cybersecurity teams are also adapting by taking action to fortify defenses against these threats. However, they still need to do more work, particularly when it comes to employee awareness around phishing attacks, which remains an important piece of the puzzle. With this knowledge, organizations can create a more secure environment for their users and protect their valuable data from malicious actors.
The report also shows there are still gaps in cybersecurity practices, with employees often failing to recognize phishing attempts or taking dangerous actions like clicking on malicious links or downloading malware. Organizations must continue to educate their users on cyber threats and reinforce best practice policies, such as using multi-factor authentication and patching software regularly, to stay ahead of the ever-evolving attack landscape. While attackers may be getting more advanced every year, staying vigilant is the only way organizations can defend themselves from these persistent threats.
By following these best practices and keeping up with current security trends, organizations can reduce their vulnerability to attack. With this knowledge in hand, businesses can better protect themselves against phishing threats and maintain elevated levels of cyber resilience.
For more detailed insights into the State of the Phish report, check: https://www.proofpoint.com/uk/newsroom/press-releases/proofpoints-2022-state-phish-report-reveals-email-based-attacks-dominated