Reducing Phishing Risk Doesn’t Have to Be Complicated or Expensive
What’s the common denominator between most of today’s nastiest cyberattacks like business email compromise, account takeover and ransomware? If you said phishing, you’re right. An unprecedented level of phishing has created a new level of security stress for organizations and IT professionals everywhere. While it pays to investigate new tools and techniques that will help reduce a company’s phishing risk, it also pays to remember that some traditional weapons never become obsolete, giving businesses a consistent security boost without a big upfront investment. Security awareness training and phishing simulations are exactly the dynamic duo that businesses need to reduce phishing risk fast.
Excerpted in part from our cybercrime report The Global Year in Breach 2022.
A New Phishing Surge Brings New Danger
Phishing has reached new heights, scoring an all-time high in Q1 2022 by surpassing one million recorded attacks. This is unwelcome news for IT professionals who have been contending with a non-stop tide of phishing-related threats that has only grown more dangerous since the start of the global pandemic. The Anti-Phishing Working Group (APWG) recently released a report noting that they recorded 1,025,968 total phishing attacks in Q1 2022, with the largest number noted in March. This is a substantial increase over the prior record of 888,585 attacks, observed in Q4 2021. Researchers also noted that the number of phishing attacks that they’ve recorded has more than tripled since early 2020 when they saw between 68,000 and 94,000 attacks per month.
| Q1 2022 | January | February | March |
|---|---|---|---|
| Number of unique phishing Web sites (attacks) detected | 331,698 | 309,979 | 384,291 |
| Unique phishing email subjects | 15,275 | 14,176 | 24,187 |
| Number of brands targeted by phishing campaigns | 608 | 621 | 673 |
Phishing Patterns Constantly Evolve
Researchers noted changes in phishing patterns in many industries, and it’s easy to see that phishing is a foe that constantly evolves, making it a threat that can be hard to pin down. APWG researchers noted that phishing attacks against webmail and software-as-a-service (SaaS) providers remained prevalent, as they were in late 2021. Attacks against retail and eCommerce companies showed a seasonal shift, falling from 17.3% in late 2021 to 14.6% after the holiday shopping season. Phishing against social media sites also rose in the first part of 2022, climbing from 8.5% of all attacks in Q4 2021 to 12.5% in Q1 2022. Phishing around cryptocurrency has continued to be a problem. Cryptocurrency exchanges and wallet providers were hot phishing topics, and phishing risk around them remained steady, inching up from 6.5% in late 2021 to 6.6% in Q1 2022.
[Chart: 7 Industries Most Targeted by Phishing, in % of total phishing messages analyzed]
What Phishing Tricks Do Employees Fall For?
Phishing has been the reigning champion of data breach risks for three consecutive years because it’s versatile, cheap for cybercriminals to run and highly effective. Cisco’s 2021 Cybersecurity threat trends report shows that at least one person clicked a phishing link in around 86% of the organizations studied. Our award-winning security and compliance awareness training solution BullPhish ID is used by organizations of all sizes in a wide variety of industries. Analyzing the results of thousands of phishing resistance training sessions and phishing simulations with BullPhish ID illustrates the degree to which phishing is an ongoing challenge to conquer.
2021 BullPhish ID phishing resistance training totals
- Total number of training campaigns created – 81,484
- Total number of phishing simulation emails sent – 2,424,762
- Total number of clicks on phishing simulation emails – 106,670
Top 3 security awareness training courses of 2021
- Phishing: Introduction to Phishing – 150,163 created trainings
- How to Avoid Phishing Scams – 129,666 created trainings
- Phishing: The Dangers of Malicious Attachments – 100,265 created trainings
Security Awareness Training to Reduce Phishing Works
One of the most effective weapons against phishing is regular security awareness training. This multi-benefit dynamo dramatically slashes the chance that employees will fall for a phishing lure. In fact, 80% of organizations in a study said that security awareness training substantially reduced the chance that a staffer would fall for phishing. Ultimately, researchers determined that although security awareness training doesn’t work overnight, it makes steady progress that holds up over time, reducing a company’s phishing risk from 60% to 10% within the first 12 months.
Every minute an employee spends in training pays off. Employees who receive training know that they play a part in defending their employers from cyberattacks. In a study by Osterman Research, analysts noted that the less security awareness training employees receive, the less they see themselves as playing a role in maintaining security. An estimated 70% of employees who spent less than five minutes per month on security awareness training said that they played little to no role in defending their company from cyber threats. But with more than five minutes of training every month, there’s a 40% improvement in the percentage of employees knowing that they play a role in defending their organization from cyber threats.
Phishing Simulations Are Effective
Beyond training with videos and quizzes (the most effective type of security awareness training), training employees to resist the temptations of phishing lures using phishing simulations is an effective tactic. In a report by Microsoft, analysts determined that when employees receive simulated phishing training, they’re 50% less likely to fall for phishing. People are more likely to learn and retain new knowledge by experience, and phishing simulations help employees hone their ability to spot red flags – and an estimated 90% of employees who receive more than five minutes of security awareness training every month are likely to know to divert suspicious messages to administrators or the IT team.
Our award-winning security awareness training solution BullPhish ID offers organizations the ability to train employees with phishing simulations using customized content or plug-and-play premade modules. Here are the results of employee phishing simulations conducted through BullPhish ID in 2021.
Top 3 phishing simulation campaigns that successfully drew employee interaction
- Office 365 – Suspicious Login – 10,879 clicked
- FedEx – Package Delivery – 6,535 clicked
- Google Docs – Invitation to Edit – 4,492 clicked
Top 3 phishing simulation campaigns that captured credentials & data
- FedEx – Package Delivery – 2,056 captures
- Office 365 – Suspicious Login – 1,736 captures
- COVID-19: SharePoint Webinar – 1,440 captures
Top 9 industries where employees supplied their credentials in phishing simulations
- High-Tech & IT – 3,755
- Medical & Healthcare – 3,504
- Other – 4,647
- Manufacturing – 1,801
- Non-Profit Organization – 1,758
- Education & Research – 1,522
- Finance & Insurance – 1,239
- Business & Professional Services – 1,144
- Retail & Ecommerce – 1,046
- Legal – 704
Total number of credentials submitted in simulations in 2021 – 23,353
Choose a Phishing Simulator & Security Awareness Training in One Powerhouse Solution
BullPhish ID is an affordable security and compliance awareness training solution and the industry leader in phishing simulations. Now we’re making it easier than ever to run phishing simulations that are highly effective in improving employee phishing resistance.
NEW FEATURE! Enjoy a major BullPhish ID enhancement, Advanced Phishing Simulations (Drop-A-Phish), that leverages the power of integration with Graphus to eliminate the need for domain whitelisting and ensure 100% campaign deliverability to end users.
BullPhish ID contains all of the tools that IT professionals need to run great training programs. These features help ensure that employees quickly gain cybersecurity knowledge and compliance skills while developing their phishing resistance fast to protect organizations from phishing-based cybercrime.
- Choose from a wide variety of plug-and-play phishing simulations, with new phishing simulation kits added every month.
- Train your way with fully customizable content including links and attachments to reflect industry-specific threats.
- Access a huge library of security and compliance training videos, with 4 new videos added every month.
- Quickly measure retention and see who needs more help with quizzes and easy-to-read progress reports.