Phishing Statistics 2019 - The Shocking Truth

Many organisations saw a shocking increase in social engineering throughout 2018, particularly phishing attacks. Come 2019, cyber criminals have upped their game, and according to new research, they will continue to target end users.

They are increasingly turning to social engineering attacks that exploit the human attack surface to bypass safeguards and gain entry to professional networks.

More than a third of all phishing attacks launched last year were aimed at e-commerce organisations, banks and payment systems. Unfortunately, hackers are innovating and finding new ways to exploit vulnerabilities at a terrifying speed.

Phishing Techniques Are Continuing to Improve

Although cybercrime has existed for many years, end users still fall for the trap because cybercriminals are always devising new ways to lure their prey.

Usually, the hacker sends counterfeit messages to multiple individuals requesting that they take urgent action on something. In previous years, these messages were easily detected and often ignored and deleted. Nowadays, cyber criminals seem to be doing extensive research and getting to know their targets, their weaknesses and their online habits so that their ‘urgent email’ is appropriate for the receiver.

The point is that these phishing emails are difficult to distinguish from genuine emails.

Time to Face the Facts

  • Phishing accounts for 90% of data breaches
  • 15% of people successfully phished will be targeted at least one more time within the year
  • The average financial cost of a data breach through phishing on a mid-sized company is £1.3 million
  • Phishing attempts have grown 65% in the last year
  • Almost 50% of phishing sites are using HTTPS encryption – a 40% increase over the previous quarter in 2018
  • More than 1.5 million new phishing sites are launched each month (Webroot)
  • Phishing attacks have affected 76% of businesses in the UK
  • Targeted users open 30% of phishing messages, and 12% of those users click on malicious attachments or links. (Verizon)

If you believe that your organisation is safe from phishing attacks purely because you've not been targeted yet… THINK AGAIN.

3 Ways You Can Protect Your Organisation

1. Increase Employee Security Awareness

Email is the number one attack vector, and today’s cybercriminals target high-value individuals who handle sensitive data. However, 97% of people are unable to identify a sophisticated phishing email.

These threats will continue to grow in size and sophistication. It is now more important than ever to prioritise security awareness training to educate employees about cyber security best practices and establish a defence mechanism against threat actors who focus on compromising end users.

2. Invest in a Security Awareness and Phishing Defence Tool

You can source several free and paid tools that can help increase employee awareness and decrease the likelihood of a successful attack against the company.

3. Consider a Password Manager

Although it is an old technique, criminals still use links to lead employees to spoofed pages and gain access via their usernames and passwords. A password manager can extinguish this possibility, as a good solution will use auto-login and auto-fill technology to analyse a web page before a user enters their details.

Additionally, a password manager encourages employees to use strong and unique passwords everywhere, which will limit the attack surface.
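
The auto-fill check described above, sketched as an added example that is not from the original post or from any particular password manager. It assumes the check is an exact-origin comparison (real products may match differently), and the function names and hostnames are constructed for illustration; it also shows that HTTPS alone does not make a page eligible.

```javascript
// Added example: exact-origin matching as an autofill gate (simplified model).
// All hostnames are constructed; .example and .test are reserved names.

// Reduce a URL to its origin (scheme + host + port); null if it cannot be parsed.
function originOf(url) {
  try {
    return new URL(url).origin;
  } catch {
    return null;
  }
}

// Decide whether a saved login may be offered on the page the user is viewing.
function autofillDecision(savedUrl, pageUrl) {
  const saved = originOf(savedUrl);
  const page = originOf(pageUrl);
  if (!saved || !page) return { fill: false, reason: "unparsable URL" };
  if (!page.startsWith("https://")) return { fill: false, reason: "page is not HTTPS" };
  if (page !== saved) return { fill: false, reason: `${page} is not ${saved}` };
  return { fill: true, reason: "exact origin match" };
}

const SAVED = "https://login.bank.example/"; // constructed saved entry

// Constructed pages a link in an email might lead to, plus the genuine one.
const PAGES = [
  "https://login.bank.example/signin",                     // genuine
  "https://login.bank.example.account-verify.test/signin", // real name as a subdomain prefix
  "https://login.bank.example@account-verify.test/",       // real name in the userinfo part
  "https://login.b\u0430nk.example/signin",                // Cyrillic "a" homoglyph
  "http://login.bank.example/signin",                      // right host, no TLS
];

// Evaluate every constructed page against the saved entry.
function runDemo() {
  return PAGES.map((p) => ({ page: p, ...autofillDecision(SAVED, p) }));
}

for (const r of runDemo()) {
  console.log(r.fill ? "FILL  " : "REFUSE", r.page, "-", r.reason);
}
```

Only the first page is offered the saved login; the lookalikes are refused even though three of them are served over HTTPS.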