Phishing is now the #1 delivery vehicle for ransomware and other malware. See the numbers behind its rise.
While many of us tend to think of cyber criminals as mastermind hackers who perpetrate state-of-the-art attacks from behind the shadows of a hoodie, the truth is the majority are simple scam artists. They don’t bother with coming up with sophisticated ways to break through complex security systems. Why bother going to all that trouble when you can simply trick an employee into giving up information or clicking a link?
To help you get a better sense of the danger phishing poses (and to help you explain the risk of phishing to your boss and your users), we’ve collected seven telling statistics.
Once you’re done reading these, be sure to check out our latest eBook, The Phishing Field Guide: How to Keep Your Users Off the Hook. It’s full of actionable advice you can use to improve your organization’s security posture and keep your employees safe.
85 percent of organizations have suffered phishing attacks
source: Wombat 2016 State of the Phish
According to Wombat Security’s 2016 State of the Phish report, not only are more organizations falling victim to phishing attacks, the number and sophistication level of the attacks they’re experiencing has gone up. Two-thirds of the organizations they studied reported experiencing attacks that were targeted and personalized (spear phishing attacks), up 22 percent from the year before. (Wombat Security)
30 percent of phishing emails get opened
source: Verizon 2016 DBIR
The sad thing is most marketers would kill for that open rate. The sadder thing is it explains why phishing continues to be so popular among attackers. It’s a delivery tactic that works. Help your users avoid becoming phishing victims with these five tips. (Verizon 2016 DBIR)
#1 delivery vehicle for malware is email attachments
source: Verizon 2016 DBIR
Considering the success rate of phishing, perhaps it’s no surprise malicious email attachments and links are two of the top three malware delivery mechanisms of choice for attackers. That makes email filtering and user education both smart security investments. (Verizon 2016 DBIR)
250 percent surge in phishing detected in Q1 2016
While it’s common to see a brief spike in phishing incidents around the holidays, researchers at the Anti-Phishing Working Group (APWG) were surprised to see this year’s spike grow into a sustained surge. The group observed more phishing attacks in Q1 2016 than in any other three-month span since it began tracking data in 2004. (SC Magazine)
9 out of 10 phishing emails carried ransomware in March
Source: PhishMe Q1 2016 Malware Review
Anti-phishing vendor PhishMe reported a dramatic increase in the number of phishing emails deploying ransomware payloads over the course of Q1 2016. During March, 93% of the phishing emails they collected intended to infect victims with ransomware. (PhishMe)
$1.6 million: the average cost of a spear phishing attack
Not only is spear phishing increasingly common, attacks are also proving to be incredibly costly. According to a recent Cloudmark survey, companies hit by a successful spear phishing attack in the past 12 months suffered an average financial cost of $1.6 million. (Cloudmark)
1 in 3 companies have been victims of CEO fraud emails
Over a third of the respondents to a recent survey by AlienVault reported their executives have fallen victim to a CEO fraud email, and over 80 percent believed their executives could fall for targeted phishing scams in the future. Those concerns are well-founded. More than 50 organizations, including Snapchat and Care.com, were successfully targeted by CEO fraud emails asking for W-2 information this past tax season alone. (AlienVault)