Put Less Emphasis on Phishing Trends, More Emphasis on Managing Risk


Posted by Gretel Egan on Jan 25, 2017

As we indicated in our recent 2017 State of the Phish Report summary, we noticed some positive trends in the reported volume of phishing attacks. These trends coincided with the numbers in the Anti-Phishing Working Group’s Phishing Trends Report, 3rd Quarter 2016, which was released in late December. The APWG headlined its report summary with “Record Wave of Phishing Comes to an Ebb in Autumn 2016” and noted several key comparison metrics:

- The number of phishing sites detected in Q3 was 25% lower than the record-high numbers reported in Q2.
- The number of brands targeted by attackers dipped 17% from Q2 to Q3.
- Between Q2 and Q3, the number of URLs per brand was down 25%, which the APWG indicates is a sign that “phishers were, on average and overall, creating fewer phishing URLs.”

For our State of the Phish Report, we surveyed information security professionals about their observations and practices related to the phishing threat during the same time frame that the APWG’s Q3 statistics were being recorded, and they seemed to be sensing a similar trend:

- While 60% of respondents for our 2016 report said they thought the rate of attacks was increasing, only 51% felt the same this year.
- This year, 61% of infosec professionals said their organization had experienced a spear phishing attack, a marked decrease from the 85% who said they experienced this last year.

But in the end, what do these trends really mean?

Threats Will Morph, End-User Risk Will Remain

While we are heartened to hear of any reduction in the number of active attacks on organizations and individuals, we certainly recognize this: The next APWG report could very well show an uptick in attacks again. (And, frankly, with holiday traffic and a closer proximity to U.S. tax season falling in that window of time, an increase is downright likely.)

The reality is that whether the numbers trend up or down by a few percentage points, we’re still talking about a tremendous volume of attacks — case in point, the Q3 report stated that, on average, 200,000 new malware samples were discovered per day in Q3. And like it or not, end users are in the thick of it.

A great example of a shifting threatscape can be seen with ransomware. This attack vector didn’t even garner a mention in our January 2016 State of the Phish; in this year’s report, it is front and center. Although those of us in the cybersecurity space have a very good sense of the dangers associated with ransomware attacks, the awareness is not there with end users yet. In our survey of 2,000 U.S. and UK adult consumers, only 36% knew what ransomware was (and 52% of U.S. respondents wouldn’t even hazard a guess).

The good news, though, is that general awareness of phishing is growing. Of those same 2,000 users we surveyed, nearly 70% were able to correctly identify what phishing is. And because ransomware is often delivered via a phishing email, this increased understanding will help on all fronts.

About Wombat Security
At Wombat Security, our mission is to deliver software-based cyber security awareness and training solutions that help your employees understand the risks associated with poor cyber hygiene and subsequently change their behaviors to strengthen your organization’s security posture. Our Continuous Training Methodology takes a 360-degree approach to security education, and customers who have implemented our programs have reduced successful phishing attacks and malware infections by up to 90%. With several million users across North America, Europe and Asia, we have established ourselves as a global leader in security awareness and training. And independent research by the Aberdeen Group has proven that our four-step methodology can reduce employee-related security risks and business impact by up to 60%.