Why Phishing is Still the Most Virulent Attack Model
What is a Phishing Attack?
Phishing is a cybercrime specific to electronic communication where a person or automated program poses as a trustworthy entity in order to trick the recipient into handing over valuable information. Recent statistics suggest that 83% of organizations experienced phishing attacks last year. The APWG’s new Phishing Activity Trends Report found 1,025,968 total phishing attacks just in the first quarter of 2022.
It is a type of social engineering attack that uses deception, including text and email messages, to dupe users into taking the action the hackers intend. Phishing attempts to trick the victim into thinking the message is from a legitimate source, such as a bank. By clicking on the phishing link, the user may unwittingly download malware onto their computer. Phishing attacks may have the malicious intent of obtaining sensitive information, installing malware that can record activities, installing ransomware, or initiating an APT event. The Cost of a Data Breach Report found that data breaches that stem from phishing scams cost companies an average of $4.65 million. For extensive defensive strategies and tools against phishing attacks, consider taking a look at Managed IT Services Houston.
Top 4 Reasons Why Phishing Remains a Serious Threat
Remote/hybrid work environments pose the perfect opportunity
In an age where companies are increasingly relying on remote or hybrid workforces, attackers are sending more malicious emails to take advantage of this dynamic. Email is the main point of contact for many organizations and plays a significant role in how employees interact with each other. It is easier to take advantage of the gaps in communication and trust frameworks when employees aren’t co-located and can’t quickly verify every single piece of communication. This is why it’s doubly important for employees working in remote or hybrid roles to be able to identify suspicious emails and report them quickly.
People often fall for psychological manipulation
Psychological manipulation tactics can significantly improve the effectiveness of phishing attacks. In one experiment, a friendly voice on the phone following up on a simulated phishing email increased the click rate to 53.2%. That figure is more than three times higher than the 17.8% click rate achieved through targeted emails alone. (Read: When Carruthers and her team add follow-up voice calls to their simulated targeted phishing emails, the click rate rises to a whopping 53.2%.) People tend to trust others and don’t always question friendly voices.
Ransomware 3.0 has lowered the barrier of entry for cybercriminals
Ransomware 3.0 has made it significantly easier for threat actors to conduct malicious activity. Cybercriminals can now purchase phishing kits on the dark web, complete with helpline assistance, rather than having to develop these skills on their own or rely on a partner. The rapid growth in ransomware attacks has made it mandatory for organizations to invest in reliable disaster recovery.
Humans remain the weakest link in any organization’s security chain
Cybercriminals have significantly expanded their arsenal of offensive tactics and tools, and security awareness programs and training can hardly keep up with them. Most companies continue to conduct security awareness programs only once a year. And even with regular security training programs, human workers remain highly susceptible to phishing attacks.
Post courtesy: Scott Young, President at PennComp LLC.