In a changing risk atmosphere, nothing has been more of a threat than phishing.
Google has registered 2,145,013 phishing sites as of Jan 17, 2021. This is up from 1,690,000 on Jan 19, 2020 (up 27% over 12 months). That’s not slowing down either. After am extraordinary year for phishing risk in 2020, it was hard to believe that there was any more real estate for phishing to climb. Unfortunately, that wasn’t the case – and companies who slacked on security awareness training during the pandemic are paying the price.
Phishing is still experiencing triple-digit growth in 2021. According to a new research from Vade phishing has seen a huge rise in the first half of 2021, including a 281% increase in May and a 284% increase in June.
An astonishing 80% of IT professionals in a recent survey said that their organizations have faced an increase in the number of phishing attacks that they’re combatting in 2021. An estimated 74% of respondents in the same survey said that their companies had been successfully phished in the last year.
Phishing attacks against businesses are commonly fueled by dark web data, and there’s plenty for cybercriminals to choose from. A flood of records stolen in past data breaches has made its way to the dark web including an estimated 22 million new records in 2020 alone.
This is important for businesses to remember: the top cause of data breaches is still human beings. Specifically, errors made by employees. It is far too easy for cybercriminals to concoct compelling phishing messages that can fool employees into handing over credentials or opening a ransomware-laden document. Did you know that 48% of malicious email attachments are Office files?
Employees also fear missing out on an important message far more than they fear unleashing malware or falling for a phishing attack. An estimated 45% of employees click emails they consider to be suspicious anyway “just in case it’s important.”
In a survey of responses to phishing simulations, every industry had problems with employees clicking on a phishing email. CyberNews reports that 1 in 3 employees are likely to click the links in phishing emails, and 1 in 8 employees are likely to share information requested in a phishing email.
Phishing resistance and security awareness training is a proven method to mitigate phishing risk. Companies that engage in regular security awareness training that features phishing resistance have up to 70% fewer cybersecurity incidents.
But many companies have deprioritized training in the chaotic scramble of the business world in the last year, even as phishing risk climbed and employees who were not trained to work remotely took the plunge.
Stop Trouble Before It Starts
The danger to your organization is real and it is growing. Just running 1 training course for your staffers isn’t enough to foster strong cybersecurity awareness. You need to actively train your team to keep your data secure. How are you doing these types of trainings? Do you need a team of cybersecurity experts to help you? Give us a call now: (646) 374-1820