Research revealed by Proofpoint highlights just how aggressive and effective phishing campaigns have become. Now focusing their efforts predominantly on companies rather than individuals, the networks behind these campaigns are reaping the benefits of increasingly sophisticated attacks.
Verizon recently unveiled a report that suggests it takes just 82 seconds for cyber thieves to ensnare the first victim of a phishing campaign.
In 2014, managers clicked on phishing links twice as often as they did in 2013, and twice as frequently as their executive counterparts.
Who are the least vigilant?
The employees who were the worst offenders when it came to clicking malicious links were from sales, finance and procurement (supply chain), who clicked, on average, 50 to 80% more frequently than others.
On average, users click one out of every 25 malicious messages delivered. No organization observed was able to eliminate clicking on malicious links.
The speed at which phishing campaigns can generate a successful result is a concern, and leaves little room for security teams to contain any damage retrospectively.
The research shows that 66% of clicks occur in the first 24 hours of a phishing campaign, and that after a week 96% of the clicks will have taken place. This is in comparison to 2013, when only 39% of the clicks occurred in the first 24 hours.
The survey found a 1,000% increase in messages with malicious attachments over the normal volume on specific days. The most popular email phishing campaigns in 2014 included e-fax and voicemail notifications, and corporate and personal financial alerts.
How to protect your organization
One thing is certain: phishing campaigns are winning. It pays to be vigilant and informed. Enrol your staff on a cybersecurity and phishing e-learning staff awareness course now, or conduct a phishing vulnerability assessment of your team today.