Phishing Attacks: The Path To Prevention
Unlike previous years, 2020 has been a significant year regarding cyber-attacks with exposure of the world’s latest serious nation-state cyberattack breaches such as FireEye and SolarWinds. Phishing is a common approach used by malicious actors and it is getting more sophisticated – for example, using machine learning and AI to quickly craft and distribute convincing fake messages to recipients in the hopes they will take the phishing bait.
What is Phishing?
It is a form of social engineering attack often used to steal user data, including login credentials, credit card numbers, and other sensitive data. Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organization
The Phishing Problem
According to a recent report by F5 labs, phishing incidents rose 220% compared to the yearly average during the height of the pandemic. The Application Protection Report published by F5 Labs found that 52% of all breaches in the US were due to failures at the access control layer i.e. credential theft, brute force login attempts and phishing. Based on data released by UK’s Information Commissioner’s Office (ICO) and the Office of the Australian Information Commissioner (OAIC) show that phishing is a leading cause for cyber incidents.
The Verizon DBIR 2020 report, an annual publication since 2008, mentions that phishing remains the top form of social-driven breach and “schemes are increasingly sophisticated and malicious” as remote work surges. Meanwhile, the use of stolen credentials by external actors is on a rapid rise with more than 80% of breaches involve the use of lost or stolen credentials or brute force.
The Phishing Statistics
Phishing attacks have resulted in hundreds of millions of dollars in losses globally in 2020 and is expected to rise in 2021. It is critical for businesses to review the key phishing statistics and facts:
- 91% of successful data breaches start with a spear phishing attack
- 81% of mobile phishing attacks are initiated outside of email
- 7% of global phishing attacks were accounted by SaaS and Webmail services
- 2.02 million phishing sites were flagged by Google between January to November of 2020
- 29% of breaches involved use of stolen credentials
- 80% increase in phishing campaigns related to sales and shopping special offers in the first half of November 2020 compared to 2019
- 200% in increase of compromised records
Protection against Phishing Attacks
The phishing problem and the statistics should not come as a surprise. These challenges and numbers reminds us that attackers typically take the path of least resistance i.e. start with a phishing scam targeting the user and their device, and then easily crack weak passwords or steal credentials to access sensitive data.
There are various indicators and steps organizations can implement, and their users can take to avoid being a victim of a phishing attack. However, with 97% of users who cannot effectively identify a phishing scam, successful phishing prevention comes down to the following:
Secure your attack surface
Adopt ZeroTrust framework and Implement Passwordless and Tokenless MFA across your organization including access for your business partners and customers.
With real-time visibility of authentication and authorization events including context for a transaction, users can make informed decision for an event stop an attack before it occurs.
Deploy the right solution
With BlokSec’s decentralized authentication and authorizations services, organizations can protect themselves and their users from phishing attacks leading to account takeover, theft of sensitive and personally identifiable data, and digital fraud. BlokSec’s patent-pending tri-factor user identification process ensures user integrity and authenticity with an authentication flow as simple as unlocking a mobile device.
Keep the phishers away
To control the fight against malicious actors and their increasingly sophisticated cyberattacks, organizations need to adopt a robust security approach to protect them and their users. Their security strategy and approach should focus on implementing solutions that support preventative measures to stop fraud before it occurs, and educate their users to identify phishing scams.
Achieve Zero Trust with Passwordless
The acceleration of digital transformation has fueled the adoption of mobile and cloud technologies and we can no longer have a network perimeter-centric view of security. Instead, we need to securely enable access for various users – employees, partners, contractors, etc. – regardless of their location, device or network. We review how Passwordless authentication lays the foundation for a Zero Trust Architecture by providing the highest level security and a frictionless user experience.
3 best practices to keep critical infrastructure secure from cyberthreats
Critical infrastructures have faced a barrage of cyberthreats in recent years, and operators now recognize that future attacks are a matter of ‘when’ rather than ‘if’. With 56% of the utilities network operators worldwide, reported at least one shutdown or operational data loss per year and 54% expected an attack in the coming year posses a major cyberthreat to energy and utility organizations. In this blog we explore 3 best practices that critical infrastructure sectors need to adopt to keep the malicious actors from a barrage cyberthreats.
3 Benefits of a Frictionless and Secure Digital Banking Experience
Over the past decade the banking and finance industry has experienced a monumental shift that brought both unique challenges and opportunities for institutions all over the world. Fast forward to today one thing is apparent – banks that choose to maintain the status quo simply will not be able to compete in a digitally accelerated landscape. In this blog we review the top 3 benefits of a frictionless and secure digital banking experience.
Stay up-to-date with the latest news and updates
Join our newsletter
Keep in touch with us and stay up-to-date on how you can protect your and your organization from identity-based attacks.
Get 12,000 free logins.
No credit card required.