The Rise of Phishing Attacks

By Eric Noonan • May 9, 2016

Recently, Verizon released its 2016 Data Breach Report, which has served to assist the security community in managing risk and avoiding security incidents since 2008. In the report, one can find data on almost all aspects of the current cybersecurity risk landscape. With that being said, I was most intrigued by the findings related to phishing attacks, a form of social engineering that seeks to exploit an organization’s greatest risk – humans.

The motivation behind phishing attacks is no different than any other information security incident. Generally, attackers will be looking to trick the target user into divulging credentials on a pharming website. These sites look and feel like they are genuine websites for banks, enterprise applications, etc. Another common tactic in phishing attacks is having the targeted user click an attached file containing some sort of malware, thus granting the attacker access to the machine and by association, whatever network it connects to. These attacks are troubling because they allow an attacker to simply avoid many of the technical controls an organization may have in place.

The Data Breach Report has included metrics on phishing cases for years, this year the report stated that 30% of users open phishing emails. While this may not be harmful in itself, 13% of users will go on to click on the malicious attachment or navigate to the phony website where credentials are collected. These numbers are somewhat higher than last year, which reported a 23% open rate and an 11% click-through on the attachments. Another important thing to note is how quickly this all happens, the report states that it often takes less than five minutes to see a targeted user click on the attachment or link.

Social Engineering attacks, phishing specifically, are on the rise because the attacks are much easier to execute than technical attacks targeting an organization’s vulnerable assets. It enables an attacker to compromise a network with much less effort than would normally be required, and often times in much less time.

The good news is that phishing attacks can be defeated in multiple ways.  First, two-factor authentication would nearly eliminate all the risk associated with credential-stealing activities. Even if an attacker did acquire the main credentials for an employee, they would still lack the secondary credentials that are required.  Second, and probably the most direct way to decrease human risk, is through a mature security awareness program. While awareness and training programs have been given more attention as of late, several organizations still do not take them seriously. Without training your employees on simple, human targeted attacks like phishing, they cannot be expected to protect your critical assets and data when they become the targets.

Curious how your organization stacks up?  CyberSheath can help, contact us today.

CyberSheath Blog

CyberSheath Opens Registration For CMMC CON 2022

RESTON, Va. — June 8, 2022 — Federal contractors have been searching for direction after seeing a flood of messaging about the future of Cybersecurity Maturity Model Certification (CMMC). The nation’s largest CMMC conference has returned to help contractors navigate their course through the evolving compliance landscape.   Hosted by…

5 Reasons to Partner with CyberSheath

The threat landscape is only becoming more complex. Offload the responsibility of navigating cybersecurity issues for your customers by taking advantage of CyberSheath’s new Partner Program.   As a pioneer and industry leader in the managed security service provider space, our new offering helps you achieve rapid results and deliver…

CMMC Compliance Training: How to Earn Your Black Belt

Contractors in the Defense Industrial Base (DIB) are looking for direction as Cybersecurity Maturity Model Certification (CMMC) 2.0 nears. Compliance with CMMC and Defense Federal Acquisition Regulation Supplement (DFARS) is your key to doing business with the Department of Defense (DoD) and we can help you navigate those requirements and…

Our Trusted Partners

Tenable Microsoft Siemplify KnowBe4 ConnectWise DUO

CMMC CON 2022 is here! Save your spot to hear the latest on CMMC from our expert speakers across the government and Defense Industrial Base.