EDITOR’S QUESTION
WHAT PROCEDURES
SHOULD COMPANIES
HAVE IN PLACE
TO MINIMISE
PHISHING ATTACKS?
//////////////////////////////////////////////////////////////////////////////////////////////////////////
W
ebroot has revealed the results of
the 2019 Webroot Threat Report
which stated that the number
of phishing attacks increased in 2018. The
research also shows that while tried and true
attack methods are still going strong, new
threats emerge daily and new vectors are
being tested by cybercriminals. The report is
derived from metrics captured and analysed
by Webroot’s advanced, cloud-based Machine
Learning architecture; the Webroot Platform.
Phishing attacks increased by 36%, with the
number of phishing sites growing 220%
over the course of 2018. Phishing sites
now use SSL certificates and HTTPS to trick
Internet users into believing they are secure,
legitimate pages.
A total of 77% of phishing attacks
impersonated financial institutions and
were much more likely to use HTTPS than
other types of targets. In fact, for some of
the targeted financial institutions, more
than 80% of the phishing pages used
HTTPS. Google was found to be the most
impersonated brand in phishing overall.
After 12 months of security awareness
training, end-users are 70% less likely to
32
INTELLIGENTCIO
fall for a phishing attempt. Webroot found
that organisations that combine phishing
simulation campaigns with regular training
saw a 70% drop in phishing link click-through.
The research also showed that a total of
40% of malicious URLs were found on good
domains. Legitimate websites are frequently
compromised to host malicious content. To
protect users, cybersecurity solutions need
URL-level visibility or, when unavailable,
domain-level metrics that accurately
represent the dangers.
Hal Lonas, CTO, Webroot, said: “We
wax poetic about innovation in the
cybersecurity field, but you only have to
take one look at the stats in this year’s
report to know that the true innovators are
the cybercriminals.
“They continue to find new ways to combine
attack methods or compromise new and
existing vectors for maximum results.
“My call to businesses is to be aware, assess
your risk, create a layered approach that
protects multiple threat vectors and above all,
train your users to be an asset – not a weak
link – in your cybersecurity programme.”
www.intelligentcio.com