Over 50% of Firms Successfully Phished in 2019

Globally more than half of firms reported a data breach attack in 2019.

Over 50% of businesses have dealt with at least one successful phishing attack in 2019, according to an annual report which investigates the severity of phishing scams.

To produce the 2020 “State of the Phish” report, by cyber security and compliance firm Proofprint, data was used from nearly 50 million simulated phishing attacks deployed by Proofprint to end users over 12 months.

In addition, investigators trawled through over 600 information security professionals’ completed surveys to collate their responses and examined vital cyber security knowledge of over 3,500 working adults across the globe, covering the US, Australia, France, Germany, Japan, Spain and the UK.

Key findings consisted of 55% of organisations who were surveyed dealt with at least one successful phishing attack in 2019 and infosecurity professionals reported a high frequency of social engineering attempts across an array of methods.

The report also revealed that speak-phishing attacks were reported by 88% of organisations worldwide, while 86% reported business email compromise attacks and social media attacks.

In addition, phishing via text/SMS, which is known as smishing in the industry, attacked 84% of organisations, while 83% confirmed experiencing voice phishing, or ‘vishing’.

However, the report had light at the end of the tunnel as it revealed that educating and training employees on how to avoid getting attacked proved successful – as 77% of businesses said that security awareness training reduces the amount of attacks.

Joe Ferrara, Senior Vice President and general manager of security awareness training for Proofpoint said:

“Effective security awareness training must focus on the issues and behaviours that matter most to an organisation’s mission.

“We recommend taking a people-centric approach to cyber security by blending organisation-wide awareness training initiatives with targeted, threat-driven education. The goal is to empower users to recognize and report attacks.”

The number of reported attacks jumped significantly year on year, with victims reporting more than nine million suspicious emails in 2019 – which is an increase of 67% over 2018.

Phishing remains the most used tactic by cyber criminals, which is prevalent in the legal industry, to con people into divulging their personal information including bank details, which they can then use for fraudulent purposes.

Cyber attacks on UK firms have soared by a staggering 243% over the summer in 2019, in comparison to the same period in 2018 summer, while the National Cyber Security Centre (NCSC) revealed late last year that it has defended the UK against 658 cyber attacks in the previous 12 months.