Getting Out Of The Phish Net: How To Turn People Into Your Greatest Asset

At PhishCloud we believe that people are vital in helping prevent phishing. These are some of the reasons why we have a different approach.

In 2018 alone, 83% of people received phishing emails

  • 64% of businesses experience phishing attacks

Why It’s Tough To Spot A Fake

49% of hackers prefer to exploit human nature, not tech

  • Social engineering attacks are on the rise — more than doubling from 2013-2018

  • Why isn’t looking out for red flags enough?

  • 384 billion emails are sent every day; 85% are spam

  • In 2018, 8 in 10 people experienced a phishing attack

  • Many Employees Are Left In The Dark

  • 2 in 3 consumers have received phishing emails

  • 1 in 3 have been compromised

  • had a computer infected with a virus or malware

  • been notified their account was compromised

  • had a social media or email account hacked

  • Phishing victims experienced:

      • Compromised accounts: 65%

      • Malware infections: 49%

      • Loss of data: 24%

  • Businesses lose nearly $2 million per incident, but that’s not all:

      • Decreased productivity: 67%

      • Data loss: 54%

      • Reputation damage: 50%

1 in 3 consumers will stop using a business after a security breach

Social Engineering 101

  • 72% of employees report that protecting themselves from email attacks has become more difficult since 2016

  • The Psychology of Phishing | What do we fall for?

      • Toll Violation Notification | Why? Creates a sense of urgency

      • Invoice Payment Required | Why? Mimics realistic personalized messages

      • Updated Building Evacuation Plan | Why? Preys upon fear with need-to-know info

  • BUT phishing attacks can even come unseen

  • Formjacking

      • When website forms are hacked to collect private user information

      • Typically used to steal credit card and payment details from checkout pages

      • “Formjacking represents a serious threat for both businesses and consumers” Greg Clark, CEO of Symantec

  • Ransomware

      • When hackers lock a device and demand ransom to release data

      • Large businesses, government agencies, law firms, and banks are among the main targets | Why? For their secure information and access to large funds

  • 77% of successful social engineering attacks start with a phishing email — How can you protect your business?

Cybersecurity That Works: Why You Need People, Not Just Tech

  • Annual Training Is Not Enough

  • 95% of infosec professionals train employees to identify phishing attacks

  • Despite annual training, 35% of employees don’t know what “phishing” means

  • 1 in 10 have clicked a link in a phishing email

  • Current Phishing Solutions Alone Aren’t Scalable

  • Common Practice: Have employees forward suspicious emails to IT

  • The Problem: Of all emails flagged by employees, just 15% are actually malicious — and many malicious emails fall through the cracks

  • People learn better through practice & reinforcement

  • Over half of infosecurity professionals believe training has reduced phishing susceptibility

  • 76% of professional phishing victims receive additional counseling from a manager rather than negative consequences

  • 74% of hackers say they’re rarely impressed by an organization’s security measures

  • The Key To Security Is People

      • Train employees to spot phishing attacks

      • Give them feedback on their effectiveness

      • Get everyone involved in protecting the company

  • In 2018, 93% of security breaches involved phishing scams

The Internet is full of dark alleys — Teach your employees to shine a light in the dark

Sources:

https://www.cisco.com/c/dam/m/digital/elq-cmcglobal/witb/1872724/ESG-Solution-Showcase-Cisco-Email-Oct-2018.pdf?oid=anrsc013962

https://cofense.com/wp-content/uploads/2017/11/Enterprise-Phishing-Resiliency-and-Defense-Report-2017.pdf

https://www2.deloitte.com/content/dam/Deloitte/uk/Documents/consumer-business/deloitte-uk-consumer-review-nov-2015.pdf

https://us.norton.com/internetsecurity-emerging-threats-what-is-formjacking.html

https://fortune.com/2017/04/27/facebook-google-rimasauskas/

https://www.paypal.com/us/brc/article/what-is-phishing-or-spoofing

https://info.wombatsecurity.com/hubfs/Wombat_Proofpoint_2019%20State%20of%20the%20Phish%20Report_Final.pdf

https://www.nuix.com/black-report/black-report-2018

https://www.symantec.com/security-center/threat-report

https://www.tripwire.com/state-of-security/security-awareness/6-common-phishing-attacks-and-how-to-protect-against-them/

https://www.infosecurity-magazine.com/news/mps-bombarded-spam-brexit-no-deal/

https://www.talosintelligence.com/reputation_center/email_rep

https://www.phishingbox.com/assets/files/images/Check-Point-Research-Information-Security-Report-2018.pdf

https://enterprise.verizon.com/resources/reports/2019-data-breach-investigations-report.pdf

https://us.norton.com/internetsecurity-malware-ransomware-5-dos-and-donts.html

Source: phishcloud.com
