Your IT Consultant

Phishing E-Mails Responsible for 91% of Cyberattacks

December 15, 2016

A new report from PhishMe found that 91% of cyberattacks start with a phish. The top reasons people are duped by phishing e-mails are curiosity (13.7%), fear (13.4%), and urgency (13.2%), followed by reward/recognition, social, entertainment, and opportunity. "Fear and urgency are a normal part of every day work for many users," says Aaron Higbee, co-founder and CTO of PhishMe. "Most employees are conscientious about losing their jobs due to poor performance and are often driven by deadlines, which leads them to be more susceptible to phishing."

Dark Reading summarized the report findings:

• Susceptibility to phishing e-mail drops almost 20% after a company runs just one failed simulation. So people do learn.
• Reporting rates significantly outweigh susceptibility rates when simple reporting is deployed to more than 80% of a company's population, even in the first year.
• Active reporting of phishing e-mail threats can reduce the standard time for detection of a breach to 1.2 hours on average – a significant improvement over the current industry average of 146 days. This was an important aspect of this report, notes Higbee, who says the study also includes results from more than 300,000 users in organizations that actively use the PhishMe Reporter tool for more than one year.
• The study also found that users respond to Locky ransomware's phishing lures (21.5%) more than any other malware variant. The others that followed Locky included order confirmation (17%), job application received (15.5%), and blank email (11.9%).

The good news is that people learn. That would indicate that training and education are key factors to help people stop clicking of stuff they shouldn't click on.

E-mail: Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
http://www.linkedin.com/in/johnsimek
http://www.senseient.com