A recent F-Secure report has found that phishing emails (16%) and malicious attachments (18%) together accounted for 34% of cyber attacks.
Analysing past incident response investigations, F-Secure also found that 55% of all attacks were targeted and 45% were opportunistic. The gaming and public-sector industries were mostly affected by targeted attacks, whereas the insurance and telecom industries mostly suffered opportunistic attacks. Financial and manufacturing organisations were equally affected by both.
52% of the targeted attacks analysed used social engineering techniques to exploit weaknesses in people, manipulating victims into installing malware or handing over credentials. Opportunistic attackers “relied more on technical weaknesses in an organisation’s IT infrastructure, such as exploiting software vulnerabilities”.
Tom Van de Wiele, F-Secure principal security consultant, said:
“People need to think before they click on attachments and links, but the pressure of many jobs overrides this logic, which attackers understand and exploit.”
Email is used organisation-wide and, with targeted attacks a growing concern, it is essential that organisations build awareness and educate their employees. Just one click from an unsuspecting or curious user could infect your organisation.
Users should be trained to be sceptical and suspicious of any unexpected incoming emails and think twice before clicking on attachments, especially from unknown senders.
Help your staff avoid falling victim
If employees aren’t fully educated on phishing, they are liable to underestimate the threat. Our Phishing Staff Awareness Course helps employees identify and understand phishing scams, explains what happens when people fall victim and shows them how to mitigate the threat of an attack.
You might also benefit from a Simulated Phishing Attack, which will establish how vulnerable your staff are to phishing emails. It will help you:
- Satisfy compliance and regulatory requirements;
- Adapt future testing to areas and employees of greatest risk; and
- Reduce the number of employee clicks on malicious emails.