Phishing attacks, social engineering and credential compromise all increased during 2018 according to new research from the cybersecurity firm Proofpoint highlighting the fact that cybercriminals continue to target end users.
The firm's fifth annual State of the Phish Report uncovered phishing attack trends across more than 15 industries and examined the cybersecurity knowledge of over 7,000 working adults in the US, Australia, France, Germany, Italy, Japan and the UK.
Proofpoint analysed data from tens of millions of simulated phishing attacks sent over a one-year period and its report was compiled using survey responses from nearly 15,000 cybersecurity professionals including its own customers and outside organisations to provide an in-depth look at the state of global phishing attacks.
According to the report, 83 percent of global infosecurity respondents experienced phishing attacks in 2018 which is up from 76 percent in the previous year. Security awareness training had an impact on preventing attacks and nearly 60 percent saw an increase in employee detection once their staff was better trained to identify possible attacks.
People-centric defense strategy
Social engineering attacks were also on the rise with more organisations affected by phishing, spear phishing, SMS phishing, voice phishing and USB drops. Last year was also the first time that compromised accounts bypassed malware infections as the most commonly identified impact of successful phishing attacks.
Proofpoint's General Manager of Security Awareness Training, Joe Ferrara stressed the need for increased security training at organisations to prevent phishing, saying:
“Email is the top cyberattack vector, and today’s cybercriminals are persistently targeting high-value individuals who have privileged access or handle sensitive data within an organization. As these threats grow in scope and sophistication, it is critical that organizations prioritize security awareness training to educate employees about cybersecurity best practices and establish a people-centric strategy to defend against threat actors’ unwavering focus on compromising end users.”
Surprisingly baby boomers outperformed all other age groups in fundamental phishing and ransomware knowledge, underscoring why organisations should not assume a younger workforce has an innate awareness of cybersecurity threats.
- We've also highlighted the best antivirus to help protect you from the latest cyber threats