Last year, 74% of companies experienced a successful phishing attack. As phishing attempts become harder to detect, this gateway to many cyberattacks continues to threaten the global cyber ecosystem. Knowing what to look for is the key to mitigating attacks before it’s too late.
Phishing is defined by NIST as a technique to acquire sensitive data through fraudulent solicitation. The perpetrator usually masquerades as a legitimate business or authoritative person. Although the overall goal of stealing data is the same, not all phishing attempts look the same or come from the same source.
Source: NIST
1. Mass Email Campaigns Across Corporate Entities
The average cost of a phishing attack was $4.65 million in 2021, a large price to pay for a single employee’s click on a fraudulent email. Threat actors know that the more access they gain to confidential data, the higher the reward. Industries that are most at risk for a phishing attack include financial institutions, social media, SaaS/webmail, and payment.
Human error accounts