Phishing attacks cost about $1.6M apiece, but enterprises are fighting back
Phishing defense solutions firm PhishMe Inc. has found that a successful phishing attack now costs a mid-sized enterprise $1.6 million on average.
The firm also found that the number of attempted phishing attacks continues to rise but conversely, enterprises are improving their defenses and fighting back against them.
The details come from PhishMe’s 2017 Enterprise Phishing Resiliency and Defense Report, which analyzed trends from over 1,400 PhishMe customers in 23 industries. It included data from more than 52 million phishing simulations performed from January 2015 to July 2017 and real phishing attacks that took place from January 2017 to August 2017.
The analysis found that while phishing attempts have grown 65 percent this year, susceptibility rates — that is, the rates in which companies are successfully exposed to successful phishing attacks — has dropped to as low as 5 percent thanks to improved reporting and engagement of phishing attempts.
Successful methods, such as conditioning employees to recognize and understand phishing emails and the use of repeated phishing simulations, are credited as having driven the shrinking susceptibility rate for the three years running. The report noted that as “proof that a progressive, mature anti-phishing program keeps organizations safer.”
Employees remain the most susceptible to phishing emails that target them as customers. Some 15 percent of emails employees reported as part of the study were found to be phishing-related, with emails containing malicious URLs the most common form of attack.
The content used to target employees is also said to be changing. The report found that whereas fear, urgency and curiosity were previously the “top emotional motivators” behind successful phishing attacks, they have been replaced by phishing campaigns covering entertainment, social media and reward/recognition.
“With phishing attacks up 65 percent worldwide from last year, this continues to be the number one
cyber threat to organizations of all sizes,” Aaron Higbee, co-founder and chief technology officer at PhishMe, said in a statement. “Phishing attacks have the ability to skirt technology and target human emotion, making it imperative that organizations empower their employees to be part of the solution.”
Photo: Stomchak/Wikimeida Commons
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU