Many organisations saw a sharp increase in social engineering throughout 2018, phishing attacks in particular. Coming into 2019, cyber criminals have upped their game and, according to new research, will continue to target end users.
They are increasingly turning to social engineering attacks that exploit the human attack surface to bypass technical safeguards and gain entry to corporate networks.
More than a third of all phishing attacks launched last year were aimed at e-commerce organisations, banks and payment systems. Unfortunately, attackers are finding new ways to exploit weaknesses at an alarming pace.
Phishing techniques are continuing to improve
Although cyber-crime has been around for many years, end users still fall into the trap because cyber criminals keep coming up with new ways to lure their prey.
Usually, the attacker sends counterfeit messages to many individuals, requesting urgent action on something. In previous years these messages were easy to spot and were often ignored and deleted. Nowadays, cyber criminals do extensive research on their targets, learning their weaknesses and online habits, so that the ‘urgent email’ fits its recipient.
The upshot is that these phishing emails are hard to tell apart from genuine ones.
Time to face the facts
- Phishing accounts for 90% of data breaches
- 15% of people successfully phished will be targeted at least one more time within the year
- The average financial cost of a data breach through phishing on a mid-sized company is £1.3million
- Phishing attempts have grown 65% in the last year
- Almost 50% of phishing sites are using HTTPS encryption – a 40% increase over the previous quarter in 2018
- More than 1.5million new phishing sites are launched each month (Webroot)
- Phishing attacks have affected 76% of businesses in the UK
- 30% of phishing messages are actually opened by targeted users and 12% of those users click on the malicious attachment or link. (Verizon)
If you believe that your organisation is safe from phishing attacks purely because you've not been targeted yet… THINK AGAIN.
3 ways you can protect your organisation
1. Increase employee security awareness
Email is the number one attack vector and today’s cyber criminals target high-value individuals who handle sensitive data. 97% of people are unable to identify a sophisticated phishing email.
These threats will continue to grow in scale and sophistication, so it is now more important than ever to prioritise security awareness training: educate employees in cyber security best practice so that they become a line of defence against threat actors whose focus is on compromising end users.
2. Invest in a security awareness and phishing defence tool
You can source a number of tools, both free and paid, that can help increase employee awareness and decrease the likelihood of a successful attack against the company.
3. Consider a password manager
Although an old technique, criminals still use links to lead employees to spoofed login pages in order to harvest usernames and passwords. A password manager can remove this possibility: a good one binds each saved credential to the site it was created on and only auto-fills on that site, so a look-alike domain receives nothing, and the absence of an auto-fill offer on a page that should have one is itself a warning sign to the user.
Additionally, a password manager encourages employees to use strong and unique passwords everywhere, so a credential stolen from one site cannot be reused against another, which limits the attack surface.
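To make the point concrete, here is an added example (not code from the original article or from Comtact) of the origin check a password manager performs before offering to auto-fill. It is a deliberate simplification: real managers match on the registrable domain (eTLD+1) and often on the exact origin, whereas this model fills only when the page host equals the saved host or is a subdomain of it, and it refuses plain HTTP outright. Hosts are compared in their IDNA (punycode) form so that a Cyrillic ‘а’ in a look-alike domain can never collide with the Latin entry in the vault. The vault contents and the URLs are constructed for illustration.

```python
"""Added example (not from the original article): a minimal model of the
origin check a password manager performs before auto-filling credentials.
Saved credentials are bound to the host they were created on, so a look-alike
phishing page never receives them. Vault entries and URLs are constructed."""
from urllib.parse import urlsplit

# Constructed vault: credentials keyed by the host they were saved on.
VAULT = {
    "paypal.com": ("alice@example.com", "correct horse battery staple"),
    "mybank.co.uk": ("alice", "hunter2-but-longer"),
}


def canonical_host(url):
    """Return the lowercase IDNA (punycode) form of the URL's host, or None.

    Returns None for anything that is not https, has no host, or whose host
    cannot be encoded, so callers treat every such case as 'do not fill'.
    """
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        return None  # refuse to fill over plain HTTP or on malformed URLs
    host = parts.hostname.rstrip(".")  # urlsplit already lowercases hostname
    try:
        # ASCII hosts pass through unchanged; Unicode look-alikes become
        # 'xn--...' labels that cannot equal any ASCII vault key.
        return host.encode("idna").decode("ascii").lower()
    except UnicodeError:
        return None


def credentials_for(url):
    """Return (username, password) only if the page host is a saved host or a
    genuine subdomain of it (note the leading dot, which stops
    'notmybank.co.uk' from matching 'mybank.co.uk'); otherwise None."""
    host = canonical_host(url)
    if host is None:
        return None
    for saved_host, creds in VAULT.items():
        if host == saved_host or host.endswith("." + saved_host):
            return creds
    return None


if __name__ == "__main__":
    # Constructed pages a user might be lured to; only the first and the
    # mybank.co.uk page should ever receive credentials.
    for page in [
        "https://www.paypal.com/signin",
        "https://paypal.com.secure-login.example/",  # saved host used as prefix
        "https://paypa1.com/",                       # digit 1 for letter l
        "http://paypal.com/",                        # correct host, no TLS
        "https://p\u0430ypal.com/",                  # Cyrillic 'a' homoglyph
        "https://mybank.co.uk:8443/login",
        "https://notmybank.co.uk/",
    ]:
        filled = credentials_for(page)
        print(f"{page:45} -> {'FILL' if filled else 'no auto-fill (warning sign)'}")
```

Run as a script it prints one line per constructed URL; every phishing-style URL ends in "no auto-fill", which is exactly the cue the text describes. The same principle is why training should tell staff that a login page their password manager declines to fill deserves suspicion rather than a manual copy-and-paste.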
PHISHING AS A SERVICE
91% of cyber attacks start with a phishing email and your employees are increasingly becoming the weakest link in your cyber security. Comtact's 'Phishing-as-a-service' hosts a carefully designed programme to test, train and reduce your users' susceptibility to phishing emails and multiple other threats. Discover how vulnerable your organisation is today.
About Comtact Ltd.
Comtact Ltd. is a government-approved Cyber Security and IT Managed Service Provider, supporting clients 24/7 from our ISO27001-accredited UK Security Operations Centre (SOC).
Located at the heart of a high security, controlled-access Tier 3 data centre, Comtact's state-of-the-art UK Cyber Defence Centre (SOC) targets, hunts & disrupts hacker behaviour, as part of a multi-layered security defence, to help secure some of the UK's leading organisations.