Spear Phishing Gets Us Nearly Every Time: Lessons From Europol’s Report

“Phishing and malware will also continue to be relentless threats, leveraged by both cybercriminals and APT actors that require organizations to address the inadvertent actor risk.” — 2019 IBM X-Force Threat Intelligence Index Report


The stronger our technical defenses become, the more threat actors look to target the human dimension of security. Just how susceptible are people to phishing and spear phishing? Recent statistics from numerous sources point to an increase in the level of phishing activity and sophistication, as well as a heightened impact on organizations in terms of money stolen, data held for ransom and intellectual property pilfered.


This is no time for organizations to be complacent about this form of social engineering, as the stakes are high, and technology-based controls can only get us so far.


A Thriving Phishing Industry


Judging by the amount of activity, the phishing industry is a thriving business. In their latest report covering Q3 2019, the Anti-Phishing Working Group (APWG) labeled this period as “the worst period for phishing that the APWG has seen in three years.” For each month from July to September 2019, they reported over 80,000 phishing sites, with three-quarters of all attacks targeting just three industry sectors: SaaS/webmail (33 percent), payment industry (21 percent) and financial institutions (19 percent).


From a global law enforcement perspective, Europol recently released a report focused on spear phishing