A recent F-Secure report has found that phishing emails (16%) and malicious attachments (18%) together accounted for 34% of cyber attacks.
Analysing past incident response investigations, F-Secure also found that 55% of all attacks were targeted and 45% were opportunistic. The gaming and public-sector industries were mostly affected by targeted attacks, whereas the insurance and telecom industries mostly suffered opportunistic attacks. Financial and manufacturing organisations were equally affected by both types of attack.
52% of targeted attacks examined used social engineering techniques to exploit weaknesses in people, manipulating victims into installing malware or handing over credentials. Opportunistic attackers “relied more on technical weaknesses in an organisation’s IT infrastructure, such as exploiting software vulnerabilities”.
Tom Van de Wiele, F-Secure principal security consultant, said:
People need to think before they click on attachments and links, but the pressure of many jobs overrides this logic, which attackers understand and exploit.
Email is used organisation-wide and, with targeted attacks becoming a growing concern, it is essential that organisations build awareness and educate their employees accordingly. Just one click from an unsuspecting or curious user could infect your organisation which might result in damaging repercussions.
Users should be trained to be sceptical of any unexpected emails and think twice before clicking on attachments, especially from unfamiliar senders.
Help your staff avoid falling victim
If employees aren’t educated on phishing, they are likely to underestimate the threat. Our Phishing Staff Awareness E-learning Course helps employees identify and understand phishing scams, explains what happens when people fall victim and shows them how to mitigate the threat of an attack.