Verizon recently released the 2024 edition of its Data Breach Investigation Report (DBIR), compiled with data gathered from a great number of partners. The report once again shows how indispensable it has become to employ the most effective technical safeguards available against phishing, pretexting and business email compromise (BEC).
In the Social Engineering category, for instance, DBIR 2024 reveals that phishing and pretexting via email were responsible for 73 percent of all data breaches reported for the previous year. Pretexting, in which attackers fabricate a seemingly real situation and often assume the identity of a legitimate person to gain the trust of their victims, remains the primary cause of cyber security incidents, the report reveals. The attackers often use existing email threads and real contexts to hoodwink targeted users. What’s more, business email compromise is extremely costly for companies and institutions, amounting to a good US$50,000 on average, according to the FBI’s IC3 report.
Another insight, gained partly from user education tests – phishing attacks proceed remarkably quickly. On average, only 21 seconds pass between opening a phishing email and clicking on the malicious link it contains. It takes just another 28 seconds, on average, for the user to enter the details the criminals are targeting. In other words, the average time it takes for user to fall hook, line and sinker for a phishing trap is less than 60 seconds in total. On the other hand, the sensitization of users to the topic is gradually improving: In security awareness training 20 percent of users targeted with simulated phishing messages reported them (although 11 percent had already clicked on the embedded link).
At Retarus, we are also continually developing and enhancing our Email Security offering in response to the ongoing threat and security situation, for instance we recently introduced an additional anti-spam engine for our ATP (Advanced Threat Protection) customers, bolstering their protection against phishing significantly. And regarding the identification of manipulative websites, we are continuously honing our detection capabilities – in the coming quarter we will also be adding yet another URL database to our already formidable setup. Please feel free to download our rather timeless Anti-Phishing Guide for your staff free of charge in five languages from our website.
For those interested in diving a bit deeper into cyber security with a worthwhile read, the full Data Breach Investigation Report is available to read online or download free of charge from Horizon after registering.
