Phishing Attacks Continue to Rise, Proofpoint Reports
While the volume of phishing attacks grew in 2018, Proofpoint found that there were also several positive trends that helped organizations reduce cyber-security risk.
Phishing remains an active threat vector with the volume of attacks growing, according Proofpoint's 2019 State of the Phish report, released on Jan. 24.
In a phishing attack, a hacker aims to trick a user into clicking on some form of malicious link that is hidden with an email. The study found that in 2018, 83 percent of global infosecurity respondents were impacted by phishing attacks, up from 76 percent in 2017. Targeted phishing attacks known as spear phishing also were on the rise from 53 percent in 2017 up to 64 percent in 2018. Among the key findings in the report was also the simple fact that not all employees within organizations actually understand cyber-security terms and their associated risks. For example, in the U.S., only 65 percent of individuals actually could correctly explain what phishing is.
"Terms like ‘phishing’ and ‘ransomware’ are second nature for security professionals because they are spoken within IT departments each and every day," Amy Baker, vice president of Security Awareness Training Strategy and Development for Proofpoint, told eWEEK. "That is simply not the case for the rest of the organization."
Baker added that for a significant portion of the workforce, employees only encounter security terms during communication with the IT team. She noted that it is critical that infosecurity professionals keep in mind the learning curve associated with cyber-security awareness and ensure that they communicate in a way that employees can understand, process and learn. Awareness of cyber-security terms also varied by age, but with a somewhat non-intuitive result.
"It was surprising that despite being raised on technology from a young age, Millennials were found to be the least cyber-aware, as they fell significantly behind at least one other age group on all cyber-security terminology questions," Baker said. "Baby Boomers, who are often thought of as the least technologically-savvy generation, outperformed all groups in the fundamental understanding of phishing and ransomware."
Phishing Attack Impact
There are several different outcomes that can occur from a successful phishing attack, including loss of data, malware infections and compromised accounts. Baker noted that 65 percent of infosecurity professionals surveyed reported that their organizations dealt with account compromise resulting from a phishing attack in 2018. That figure is an increase from only 38 percent in 2017.
"While we did not ask about business email compromise in this survey, our respondents did share that successful phishing attacks led to a loss of funds," she said. "In addition, the number of organizations that experienced data loss as a result of phishing attacks more than tripled between 2016 and 2018."
Positive Trends
While phishing attacks grew in 2018, there were a number of positive cyber-security trends that the Proofpoint study was able to identify.
Two findings in the report stand out as extremely positive, Baker said. One is that 57 percent of infosecurity professionals have quantified a reduction in phishing susceptibility because of training programs. Another positive finding identified in the study is that 59 percent of suspicious emails reported by end users in 2018 were classified as potential phishing.
"These two findings demonstrate that security awareness training effectively educates employees on the latest cyber-security trends," Baker said.
She added that the positive results also show that security awareness training helps IT teams ensure that employees are prepared to identify malicious emails, reducing the success rates of phishing attacks. Looking forward, Baker is hopeful that training will continue to have an impact in the years ahead.
"We expect to see a continued rise in reported quantifiable reductions in phishing susceptibility, as organizations continue to train their employees and security awareness training vendors continue to enhance their solutions," she said.
source eweekLatest Jobs
-
- Senior Penetration Tester - UK - Ability to achieve security clearance.
- United Kingdom
- To attract the right person
-
Senior Penetration tester, who has the ability to achieve security clearance. (Visa sponsorships NOT available - sorry) UK based - remote first - occasional travel. Red teaming experience desirable. The successful person needs to have a history of engaging directly with customers (consultancy experience) technical delivery of penetration tests AND report writing. Limited travel - company operates a remote first approach. Must be living in the UK. Not one of the usual names in the pen testing industry. Looking for someone highly technical but looking to grow and develop their skills. Apply here or Reach out to me on chris.holt@dclsearch.com or 07884666351 All details kept discreet
-
- Cloud Architect- German Speaker
- Hungary
- Upto €48000 per year + bonus + benefits
-
As a Senior Pre-Sales Solutions Architect, you will play a pivotal role in driving our sales success by translating complex technical solutions into compelling proposals that resonate with our clients. You will collaborate closely with our sales teams to understand customer needs, design tailored solutions, and negotiate successful deals. Responsibilities: Solution Design: Develop comprehensive technical solutions that align with customer business objectives and industry best practices. Proposal Development: Create compelling proposals, including requirements gathering questionnaires, presentation materials, and Statements of Work (SOWs). Customer Engagement: Build strong relationships with clients, understanding their technical, business, and commercial requirements. Collaboration: Work closely with sales teams, delivery teams, and third-party partners to ensure successful project execution. Pricing Strategy: Define and deliver pricing strategies that align with customer needs and company objectives. Requirements: Experience in technical pre-sales or sales support roles. Proven track record in designing and delivering successful customer solutions. Strong technical foundation in areas such as VMware, Azure, AWS, cloud computing, and data center technologies. Excellent understanding of sales principles, account management, and negotiation techniques. Ability to explain complex technical concepts clearly and concisely. Experience working in international teams and supporting clients across multiple regions. Fluency in German and English is essential. Benefits: Competitive salary and benefits package Opportunity to work on challenging and rewarding projects Collaborative and supportive work environment Potential for career growth and advancement Please note that this role is focused on supporting German clients, but will also involve global client support as needed.
-
- Solution Architect - OUTSIDE IR35 - Contract- SC / DV - London
- London
- OUTSIDE IR35
-
Solution Architect For a London based Contract This is an Outside IR35 project. MUST have a minimum of an ACTIVE - SC clearance and be willing to be put through DV clearance. 6 month rolling Immediate Experience delivering technical Security Architecture design / assurance of security design. Cross domain experience desirable HLD / LLD London commutable Immediately interviewing.
-
- Microsoft Sentinel Architect
- Netherlands
- discussed on applications
-
Microsoft Sentinel Architect We're seeking a talented and experienced Microsoft Sentinel Architect to be responsible for the design, deploy of a new Sentinel solution into an expanding Services business. As a key member of our team, you'll play a vital role in driving security operations and protecting clients' assets. Responsibilities: Solution Design:Develop comprehensive Microsoft Sentinel architectures aligned with our clients' specific needs and industry best practices. Deployment and Configuration:Oversee the deployment and configuration of Sentinel components, including data connectors, analytics rules, and playbooks. Integration:Integrate Sentinel with other security tools and platforms within our MSSP ecosystem. Tuning and Optimization:Continuously monitor and optimize Sentinel performance to ensure maximum effectiveness and efficiency. Training and Mentoring:Mentor junior team members and provide training on Sentinel technologies and best practices. Required Skills and Experience: Proven experience as a Microsoft Sentinel Architect with a deep understanding of its capabilities and limitations. Strong technical skills in Azure, security operations, and data analytics. Experience designing and implementing complex security solutions, into a services environment Knowledge of threat intelligence, incident response, and compliance frameworks. Excellent communication and problem-solving skills.