Anti-phishing strategies can be employed to protect networks from attack; however, a new report from Verizon shows that phishing is proving more successful than ever. Anti-phishing strategies are being employed, but they are not sufficient to prevent attacks from taking place. End users are still opening phishing emails and divulging their login credentials to attackers.
Anti-Phishing Strategies Are Being Implemented But Employees Are Still Falling for Phishing Scams
According to the new report, a greater percentage of employees are now falling for phishing scams. Last year’s Verizon Data Breach Report showed that 23% of phishing emails were being opened. This year the number has risen to 30%.
Opening a phishing email does not, by itself, result in a network being compromised or the attacker gaining access to email accounts. For that to happen, an end user must open an infected email attachment or click on a link to a malicious website.
How often are employees taking this extra step? According to the Verizon data breach report, 12% of end users open the phishing email and double-click on an attached file.
A similar percentage (13%) of end users click on the malicious links contained in the emails. These links either direct the user to a website containing an exploit kit or to a site where login credentials or other sensitive data are entered and revealed to attackers.
Anti-phishing methods are being taught to company employees, but attacks are still succeeding with alarming frequency. Phishing is proving to be a highly effective method of cyberattack.
The report also indicates that when attacks are successful, attackers have plenty of time to exfiltrate data. Organizations are also finding it much harder to detect breaches when they occur. It takes only minutes from the sending of a phishing email to network access being gained, yet it can take months for breaches to be detected.
Training Alone is Insufficient to Protect Against All Phishing Attacks
Anti-phishing strategies adopted by many organizations are not robust enough to prevent successful attacks. Anti-phishing strategies that rely too heavily on training staff members to identify phishing emails are likely to fail.
It only takes one employee to respond to a phishing email for a network to be compromised, and it is a big ask to expect every employee to identify every phishing email 100% of the time.
Providing staff members with anti-phishing training can help to reduce risk, although software solutions should also be employed. A robust spam filtering solution should be implemented to ensure the majority of phishing emails are blocked and never delivered to end users’ inboxes. No anti-spam solution is effective 100% of the time, although blocking 99.9% of phishing emails is possible with solutions such as SpamTitan.
Attackers are using ever more sophisticated methods to fool end users into clicking on malicious links. A great deal of time and effort goes into spoofing domains and producing carbon-copy spoof websites. Preventing these websites from being visited is one of the best defenses against phishing attacks. Web filtering solutions can be a highly effective way of reducing the risk of a phishing attack being successful.
A web filter can be configured to block phishing websites and other potentially harmful websites. Even if links are clicked, the user is prevented from compromising their device and network.