Phishing Still the Top Attack Vector

“Life in the SOC” is a Blog Series that shares experiences of the BlueVoyant SOC defending against the current and prevalent attacks encountered by our clients. The blogs discuss successful detection, response and mitigation actions that can improve your defensive capabilities.

December and January saw a dramatic upward swing in Phishing. It has since leveled off, but still remains the top attack vector among cyber criminals. While most organizations are aware of the phishing problem, many still struggle with how to deal with it. Disconnects between practitioners and decision makers need to be looked at, but on the whole, users are not prepared to confront this ever-changing threat.

A recent study conducted by Osterman Research surveyed 252 cross-industry security professionals from the US and UK. Among its key findings, the survey revealed that decision makers are four times more likely than security practitioners to consider email security the highest priority. This suggests that security personnel believe they have a sufficient handle on phishing prevention while the C-Suite still sees substantial business risk. The report also suggests organizations do not have proper training and controls in place to confront the phishing problem.

Key research findings:

• Security analysts spend 24% of a 40-hour work week investigating, detecting or remediating phishing emails.
• Only one in five organizations continuously update and tweak its corporate email security policies in a typical month.
• Nearly three in five organizations train their users on proper email security protocols no more than twice per year.
• More than 70% of organizations use only manual processes for reviewing user-reported phishing emails, making it far too labor and time-intensive to mitigate email threats at scale.

The survey also found that phishing emails continue to take organizations a substantial amount of time to detect, investigate and remediate. In total:

• 70% of organizations take more than 5 minutes to remove a phishing attack from a corporate mailbox even though the average time-to-click is 82 seconds.
• 75% of organizations cannot act on phishing intelligence automatically and in real-time.
• 90% of organizations cannot orchestrate phishing intelligence from multiple sources in real-time in the context of their overall email security solution(s).

“The survey’s findings reinforce the significant challenges that email phishing attacks incur on organizations of all sizes,” said Michael Osterman, principal analyst at Osterman Research. The recent COVID-19 outbreak plays right into this. Thousands of malicious COVID-19-related
domains are being registered daily to exploit the global public’s insatiable appetite for information on the pandemic. Since the outbreak went global in February, coronavirus-themed spam has increased by 4,300%. And in just a two-week period in March, such spam skyrocketed by 14,000%.