A recent report by cybersecurity company GreatHorn found that companies experience an average of 1,185 phishing attacks every month. Even though the success rate of these phishing attacks is at a deceivingly low 6%, it means 71 of those are still successful and in need of remediation. The report found that 15% of organizations are spending 1 to 4 days remediating phishing attacks while another 29% spent 1 to 8 hours doing so.
Tribune Publishing Case: Phishing Attack Simulation
While malware protection can defend against known threats, it won’t keep an individual from clicking on a phishing link that downloads malware with credential theft capabilities. Just recently, Tribune Publishing sent out a phishing attack simulation to all of its employees with an email that rewarded them a $10,000 bonus for their “ongoing commitment to excellence”. Many employees failed and were met with a message: “Oops! You clicked on a simulated phishing test!” and reminded them to follow online safety rules. The simulation was not received well by the employees. Many felt it was insensitive, especially after recent layoffs and budget cuts resulting from COVID-19. The unfortunate reality, however, is that social engineering attacks use these exact manipulative tactics to increase their success rate. In fact, phishing attacks and other scams have been on the rise since the coronavirus pandemic. In the GreatHorn study, 53% of employees who responded say their organization has seen an increase in phishing attacks during the COVID-19 pandemic, and 30% report that they have become more successful.
Awareness and Training is Key
Cybercriminals tend to use current events, insider company intel, and knowledge of your own behavior to convince you to carry out a task that could put your personal information and your company at risk. The best defense against phishing attacks is awareness and training designed to help people easily identify the latest scams.