Phishing attacks cost about $1.6M apiece, but enterprises are fighting back
Phishing defense solutions firm PhishMe Inc. has found that a successful phishing attack now costs a mid-sized enterprise $1.6 million on average.
The firm also found that the number of attempted phishing attacks continues to rise, but that enterprises are improving their defenses and fighting back.
The details come from PhishMe’s 2017 Enterprise Phishing Resiliency and Defense Report, which analyzed trends from over 1,400 PhishMe customers in 23 industries. It included data from more than 52 million phishing simulations performed from January 2015 to July 2017 and real phishing attacks that took place from January 2017 to August 2017.
The analysis found that while phishing attempts have grown 65 percent this year, susceptibility rates (that is, the rates at which companies fall victim to phishing attacks) have dropped to as low as 5 percent thanks to improved reporting of and engagement with phishing attempts.
Methods such as conditioning employees to recognize and understand phishing emails and running repeated phishing simulations are credited with driving the susceptibility rate down for three years running. The report described that as “proof that a progressive, mature anti-phishing program keeps organizations safer.”
Employees remain most susceptible to phishing emails that target them as customers. Some 15 percent of emails employees reported as part of the study were found to be phishing-related, with emails containing malicious URLs the most common form of attack.
The content used to target employees is also said to be changing. The report found that whereas fear, urgency and curiosity were previously the “top emotional motivators” behind successful phishing attacks, they have been replaced by phishing campaigns covering entertainment, social media and reward/recognition.
“With phishing attacks up 65 percent worldwide from last year, this continues to be the number one cyber threat to organizations of all sizes,” Aaron Higbee, co-founder and chief technology officer at PhishMe, said in a statement. “Phishing attacks have the ability to skirt technology and target human emotion, making it imperative that organizations empower their employees to be part of the solution.”
Photo: Stomchak/Wikimedia Commons