Proofpoint has recently released its 9th annual “State of Phish” report, which provides an in-depth review of user awareness, vulnerability, and resilience.
Based on the summary for 2022, it is expected that email-based attacks will continue to be the greatest threat to your organisation during 2023.
The results for 2022’s UK survey respondents are below.
- 96% experienced at least one successful phishing attack (up 5%).
- 82% faced at least one email-based ransomware attack (down 2%).
- 86% faced one or more business email compromise (BEC) attacks (up 6%).
- 82% dealt with at least one ransomware infection (up 4%).
What’s new?
Targeted attacks continue to increase, using methods you will be familiar with, such as phishing and ransomware. A newer attack strategy is through your supply chain. By hacking one of your partners or suppliers, attackers can deliver their attack while pretending to be a trusted party. 85% of UK organisations were targeted this way in 2022.
Insider threat is growing. This category spans from malicious data theft to negligent loss and credential theft. 85% of UK organisations faced this form of attack in 2022, yet it is often overlooked and missed from education and awareness training (31% of UK organisations include this in their training).
What can you do to avoid becoming another statistic in the 2024 report?
After technical controls, your best form of defence is education and awareness for your employees. One click can have catastrophic results, so educating your employees through simulated email attacks and bitesize training can significantly reduce your risk.
The NCSC and GCHQ recommend you have simulated phishing training along with regular information and cyber security training. Contact us today to find out more on this topic along with a demonstration!