Phishing Attacks Up 76% Since 2017
By: Jim Stickley and Tina Davis
April 5, 2019
The latest report on phishing attacks sheds light on a rapidly growing threat to us all. The recently published Proofpoint 2019 State of the Phish Report has some alarming statistics along with a few surprises. The survey finds that in 2018, 83% of respondents said they were victims of phishing attacks, a whopping 76% increase since 2017. Both vishing (voice) and smishing (text) attacks increased by as much as 45% since 2017. The reasons for these surges are many, one of which is that hackers are getting much better at what they do. Over time, they learn what tactics work best and then sharpen and improve their attacks. Combine that with a very real lack of cybersecurity awareness training, and it’s no wonder hackers are always steps ahead of the rest of us.
The study finds growth in these areas: a 70% growth in stolen credentials since 2017, overtaking malware infections as the most common experience; and tripled growth in reports of data loss since 2016. Surprisingly, the group most vulnerable to phishing attacks is Millennials, although they recognize smishing and vishing attacks the best. The two other groups, Baby Boomers and Gen X (38-72 years old), are much more aware of phishing than Millennials. This is believed to be because Baby Boomers and Gen X have had longer exposure to security awareness training, proving it’s not safe to assume younger workers are more cyber-savvy than their older counterparts. It also shows that all age groups need ongoing security awareness training. When it comes to the most common tricks email phishing uses, 69% are link-based, 17% are data entry-based, and 14% use attachments. The most successful email phishing subject lures are change requests for email passwords, modified security evacuation plans, requests for invoices and payments, and toll violation notices.
Proofpoint states in its report, “We believe the significant increases…since 2016 not only speak to the growing phishing threat, but also to organizations’ heightened awareness of — and attention to — the effect these attacks have on businesses.” In fact, according to a report by the National Cyber Security Alliance, up to 60% of small-to-medium-sized businesses shut their doors after a hack. All these findings should be a wake-up call to organizations about the need for security awareness training. Year after year, hacking statistics increase, proving the ongoing threat is not likely to get better any time soon.
Security awareness training for everyone in a company is essential, from the top on down. A key to getting the point across about phishing is that no link or attachment should be considered 100% safe. Organizations need to commit to the best security training available, as it is the first step toward their own cyber-resilience and perhaps their continued existence. Maybe it’s time businesses take a page from hackers and learn from the past to improve our future.