Missed our webinar? Don’t worry – we’ve still got you covered.
On September 17, 2020, Holger Schulze, Founder & CEO of Cybersecurity Insiders, and Kevin O’Brien, CEO of GreatHorn, discussed insights from the 2020 Phishing Attack Landscape Report, along with the requirements and considerations for a layered email security approach, including some well-kept secrets for responding to phishing attacks more efficiently.
The recently released 2020 Phishing Attack Landscape report produced some major findings:
- 38% of respondents said someone on their team had fallen victim to a phishing attack, while 21% were not sure whether they had been attacked.
- 53% said that their organization has seen a rise in email phishing attacks during the COVID-19 pandemic, and 30% said attackers were more successful during this time.
- 1 in every 3 respondents said they need to remediate an email phishing attack every day, which is 165% more than last year. Cumulatively, 1,185 email phishing attacks occurred every month.
Some of the other major points discussed in our webinar:
Your security vendors provide 100% email attack prevention – DECEPTION
There is no such thing – FACT
Many vendors claim complete security against phishing attacks, but the truth of the matter is that yesterday’s protection is not enough for today’s new, advanced and ever-changing attacks. No one vendor can claim to provide 100% protection against these types of attacks. As attackers up their game, so should your vendor. Siloed email security vendors often lack the visibility to analyze across the entire email envelope, the senders, and the recipients to detect anomalous behaviors. The correct solution integrates across the entire email security stack for complete visibility and the ability to quickly detect and respond to risk.
Your risk management strategy needs to be reworked
There are two forms of phishing attacks: technical and non-technical. Technical attacks (malicious payloads, website redirects) depend more on traditional hacking techniques, while non-technical attacks (impersonations, credential theft) rely on manipulating people to perform certain activities or provide confidential information. Technical attacks don’t necessarily involve the exploitation of systems. Social engineering attacks are considered non-technical and enable attackers to gain legitimate access to critical information. As the attacks become more sophisticated and attackers advance, you need to make sure your risk management strategy can appropriately detect and respond to these forms of attacks.
End-User Enabling and Education
Your employees can be your best defense against a phishing attack. IT leaders must work to ensure the company continues to invest in the education of end users. Given the right tools, end users can become educated enough to analyze, identify, protect against, and respond to phishing attacks at a moment’s notice.
Protecting your organization starts with empowering your people. Implementing in-the-moment awareness training or user education helps to significantly reduce attack engagement by warning users of potential threats during the attack. In the end, users make better decisions and know when and how to report phish and spam.
Our report found that 1 out of every 100 incoming messages is a malicious hacking attempt, and that more than half of the breaches and leaks that take place are directly attributable to user error or a lack of cyber hygiene practice. Therefore, it is now more important than ever to educate end users to react smartly in the moment of risk.
For a more comprehensive look at phishing attacks, check out the webinar.
Check out the 2020 Phishing Attack Landscape report here.