Researchers Warn: Phishing is Up Dramatically. Again.

July 29, 2021

Two Consecutive Months of Phishing Gains is a Loss for Businesses

Phishing continues to be one of the nastiest cybersecurity threats that businesses face today. The precursor to so many devastating attacks from ransomware to business email compromise, phishing is the key that unlocks the door to the heart (and the wallet) of your business. It’s also the number one driver of a data breach; 90% of incidents that end in a data breach start with a phishing email. Phishing threats haven’t shown signs of slowing down – risk is up almost 300% over 2020’s record-breaking numbers in May and June. That means that phishing is on track to notch record-breaking growth numbers again in 2021, creating a cybersecurity crisis that no business can afford to overlook. 


A Rising Tide Lifts All Boats

The continuing escalation of phishing threats is something that is hitting home for IT professionals as we transition into a new era of business security. Google had registered 2,145,013 phishing sites as of Jan 17, 2021. This is up from 1,690,000 on Jan 19, 2020 (up 27% over 12 months). More than 70% of organizations around the world experienced a phishing attack in 2020. That’s an overall increase of 42% over 2019. Some categories like ransomware experienced triple-digit growth. In a survey conducted by Aberdeen Strategy & Research, a group of more than 1000 IT professionals from around the globe gave insight into how phishing is impacting their organizations in more ways than you might think.


Which Industries and Workers Are the Most at Risk?

If you think that it’s logical that any increase in the number of phishing attempts that a business faces will also lead to an increase in the number of phishing attempts that are successful, you’d be right. In the same survey, an estimated 74% of respondents said that their companies had been successfully phished in the last year. No department is safe from the enticements of sophisticated phishing messages either. About 75% of the respondents indicated that the targets of many phishing attempts were IT staffers themselves, who you’d think would be savvy to these attacks, except 40% of those IT staffers fell for the bait.

Most Likely Departments to be Targeted by Phishing 

  • IT = 74% 
  • Sales = 35%
  • Executives = 27% 
  • Marketing = 25% 
  • Customer Support = 21% 

Phishing attempts are constant, with organizations in every sector under siege daily. Nearly 75% of organizations in the United States experienced a successful phishing attack last year. Those attacks packed a punch. In the 2021 IC3 Report, the US Federal Bureau of Investigation estimated that businesses lost $4.2B to cybercrime in 2020, led by phishing. That’s a situation that is only getting worse for businesses. An astonishing 80% of respondents in the Aberdeen survey said that they had experienced an increase in the number of phishing attacks that their organizations faced. More attacks mean more lures are making their way into employee inboxes at companies that rely on traditional security like filters and SEGs, providing even more opportunity for the number one driver of risk, human error, to cause a phishing-related disaster.

The Top 5 Industries at Risk for Employees to Click on a Link in a Phishing Message

  • Consulting
  • Apparel and accessories
  • Education
  • Technology
  • Conglomerates

The Top 5 Industries at Risk for Employees to Hand Over Their Credentials or Information to Cybercriminals

  • Apparel and accessories
  • Consulting
  • Securities and commodity exchanges
  • Education
  • Conglomerates


How Are Phishing Messages Succeeding? 

The phishing messages that employees are facing today are much more sophisticated than they were before the pandemic, making them much harder for employees to detect.  Cybercriminals had plenty of opportunities to refine their techniques and innovate in the blizzard of phishing that accompanied pandemic lockdowns. Plus, the rapid shift to remote work left employees on their own when it came to spotting and stopping phishing because it was far too easy for companies to put cybersecurity awareness training on the back burner until it was too late, creating especially thorny situations with remote workforce support. 

Many companies pushed security concerns to the side as something that could be handled in the future as they scrambled to get their teams rolling again. Even with escalating risk in every direction and a blizzard of pandemic-related spear phishing attacks, an estimated 85% of CISOs admit they sacrificed cybersecurity to quickly enable employees to work remotely, often to their detriment. A substantial number of organizations also failed to train their newly remote employees in the cybersecurity dangers presented by going remote. Almost 50% of companies in that survey admitted that they have done no training for employees around remote workforce risks.  

That’s a big reason why many employees have become easy dupes for cybercriminals, a very dangerous proposition in today’s volatile threat landscape – 34% of survey respondents blamed their company’s phishing woes in the last year on a lack of employee understanding of what to look for to sniff out today’s sophisticated phishing threats. Another big chunk, 37%, cited the combination of a lack of employee understanding and inadequate technology as the culprit behind successful phishing attacks against their companies. About 40% of executives polled in a staffing survey felt that they have adequate IT expertise on staff to assist employees with remote work issues. Unfortunately, only a worrisome 45% of organizations reported having enough budget available to address the needs of their IT team in supporting a remote workforce.


Graphus Can Help 

Put Graphus on the job to keep sophisticated phishing threats away from your business. It can’t be fooled by social engineering, so it won’t fall for fake urgent or scary messages. It doesn’t get tired, distracted or stressed like employees. It never takes a day off and it doesn’t miss a thing. Instead, Graphus reliably defends your business from data breach risks like phishing 24/7/365 with three powerful protective shields that stop 40% more phishing messages than the competition.

  • TrustGraph uses more than 50 separate data points to analyze incoming messages completely before allowing them to pass into employee inboxes. TrustGraph also learns from each analysis it completes, adding that information to its knowledge base to continually refine your protection and keep learning without human intervention. 
  • EmployeeShield adds a bright, noticeable box to messages that could be dangerous, notifying staffers of unexpected communications that may be undesirable and empowering staffers to report that message with one click for administrator inspection.   
  • Phish911 enables employees to instantly report any suspicious message that they receive. When an employee reports a problem, the email in question isn’t just removed from that employee’s inbox — it is removed from everyone’s inbox and automatically quarantined for administrator review.

Addressing the dangers of phishing is imperative for today’s businesses. One of the best ways to do that is to prevent the inevitable mistakes that employees will make by keeping them out of the picture with Graphus.
