According to a recent report by security firm F-Secure, more than a third of the suspicious e-mails flagged by employees turned out to contain phishing attempts. More than 200,000 e-mails were tabulated for the analysis. The firm's automation plug-in determined that 33 percent of those e-mails were malicious or suspicious and employed known phishing techniques.
Phishing attacks try to get an end user to perform a specific act — whether that’s providing private information or installing malicious programs, sometimes hidden as e-mail attachments. Breaking down the data even further, F-Secure found:
– 59 percent of e-mails reported by employees were due to suspicious links
– 54 percent came from suspicious or unknown senders
– 37 percent were reported as spam
– 34 percent were suspected of containing social engineering
– 7 percent contained a suspicious attachment
As for the most commonly used phrases in phishing attempts, F-Secure’s analysis found that “click here” appeared in the highest number of malicious e-mails, with “Login” and “Payment” coming in at No. 2 and No. 3, respectively.
F-Secure points out that when employees have an easy way to flag potentially dangerous e-mails, it helps to keep the entire organization safer. “You often hear that people are security’s weak link. That’s very cynical and doesn’t consider the benefits of using a company’s workforce as a first line of defense,” said F-Secure Director of Consulting Riaan Naude. “Employees can catch a significant number of threats hitting their inbox if they can follow a painless reporting process that produces tangible results.”
Automating the reporting process is just one piece in an enterprise’s comprehensive security efforts in curbing the threats posed by phishing attacks. Employee training in what to look for is another piece.
The recent 2021 Phishing By Industry Benchmarking Report by security firm KnowBe4 found that the average success rate — as in, employees engaging with a phishing attempt — for all industries sits at 31.4 percent.
However, after 90 days of comprehensive training, which included ways to spot malicious e-mails and internal phishing tests, the success rate dropped to 16.4 percent. Extended to a full year of training, the attack success rate shrank to just 4.8 percent, proving that the best countermeasure technology comes from those on the front line.
“The idea that technology can prevent all cyber-related incidents has never been further from the truth because cybercriminals know the easiest way in is through your humans,” reads the report. “Security leaders must understand that there is no such thing as a perfect, fool-proof, impenetrable secure environment.”
Cybersecurity with Lighthouse Technology Partners
Lighthouse Technology Partners is an award-winning, strategic IT Provider delivering managed IT services, cyber security and cloud consulting for the modern workplace. We have over 35 years dedicated to bringing enterprise-ready solutions and security to small and mid-sized businesses across North America.