With 76% of organizations saying they experienced phishing attacks last year, it should be no surprise that, of the 1,300 IT security decision makers surveyed for the CyberArk Global Advanced Threat Landscape Report 2018, 56% said that targeted phishing attacks were the top security threat facing their organization. These days, only about 3% of malware tries to exploit an exclusively technical flaw, while the other 97% targets users through some type of social engineering. It’s important to remember that it’s not just large companies that tend to be targeted: 43% of cyber attacks appear to target small businesses, which are also typically not well equipped to handle the ever-evolving landscape of cybersecurity. Looking forward in 2019, these attacks are only expected to increase, and while these statistics can be alarming, the good news is that these types of attacks are almost always preventable with a proactive organizational approach.
“An overwhelming 92.4% of all malware is delivered by email”
While the tactics and techniques being used by attackers are becoming more sophisticated and more targeted, email is still the tried and true threat vector of choice. An overwhelming 92.4% of all malware is delivered by email, according to the Verizon 2018 Data Breach Investigation Report. The big change in attacker technique for 2018 was the shift away from malicious attachments, with most hackers now favoring malicious URLs. Proofpoint reported that in 2017, 3 out of 4 malspam emails delivered malware via malicious attachment, while the data for Q1 2018 shows that email-based attacks with malicious links outnumbered emails with malicious attachments 4 to 1. Attackers are also targeting their attacks much more closely at the user or organization, with many victims claiming the original email appeared to come from someone they were actively expecting correspondence with, for example an email containing a malicious invoice that appeared to come from a regularly used vendor. This shift in technique requires a user to be more aware and more diligent than ever, as now just clicking one bad URL can result in an extremely costly and reputation-damaging breach.
“An organization’s best line of defense is always a well-informed end-user”
According to Symantec’s 2018 Internet Security Threat Report (ISTR), a whopping 54.6% of all email is spam, and the average user receives about 16 malicious spam emails a month. With only a 20-person team, that is 320 times a month that you have to rely on an end-user’s judgment to correctly scrutinize emails and perform the right action. That’s 3,840 potential cybersecurity incidents a year, and as employee count grows the potential risk multiplies. At Prestige IT, we believe the evolving and sophisticated nature of modern phishing attacks presents a risk that you cannot defend against using traditional methods of network firewalls and end-point security software alone; defending against it relies heavily on well-trained employees who are aware of the latest cyber risks and know how to easily identify and prevent them. We believe strongly that an organization’s best line of defense is always a well-informed end-user, which, unfortunately, also tends to be one of the most underutilized pillars of cybersecurity.
“Advanced Phishing Simulation Campaigns and User Awareness Training services”
Prestige IT assists our clients with hardening the cybersecurity knowledge of their user-base by offering a full range of advanced Phishing Simulation Campaigns and User Awareness Training (UAT) services. Prestige IT offers 30-, 60-, and 90-day campaigns that target a new service every week for the duration of the campaign. To be most effective, we work with the client to identify unique high-value/high-risk accounts or services to target for each department with our email and lure page simulations, which identically replicate the original service (e.g. Dropbox, Microsoft Office, Docusign, AWS, Facebook, Twitter, Coinbase, etc.). Doing this allows end users to receive simulated emails that are directly related to their department or role at the company, which they are much less likely to analyze thoroughly. After the campaign has finished, we provide management with a full report containing an in-depth view of user actions during the campaign, and we provide the users who failed the simulations with additional User Awareness Training and cybersecurity resources. The value of proactive organizational cybersecurity measures such as performing regular phishing simulations and user awareness training cannot be overstated in today’s digital landscape. Contact Prestige IT to assist in hardening your organization’s security posture today, and let us help your business avoid becoming just another statistic.