According to the Anti-Phishing Working Group (APWG), an international coalition of counter-cybercrime responders, phishing attacks climbed to a new record high in 2022. The APWG Report analyzes phishing attacks and other identity theft techniques, as reported by its member companies and research partners. By drawing from the research, APWG measures identity theft methods, evolution, proliferation, and propagation.
APWG Phishing Activity Trends Q2 2022
The number of phishing attacks reported to APWG has quadrupled since early 2020, when there were between 68,000 and 94,000 attacks per month. The most frequently attacked industry was the financial sector, which includes banks, accounting for 27.6%.
Phishing is a social engineering crime aimed at stealing personal identity data and financial account credentials. Phishing schemes prey on unwary victims by fooling them into believing they are dealing with a trusted, legitimate party, leading them to counterfeit websites that trick them into divulging sensitive data, including credentials. This sensitive data can also end up on the dark web, where attackers can find it using Open-Source Intelligence (OSINT) techniques. Credentials found through OSINT can then be used to attack your network.
There's no magic bullet to help protect you against all phishing attacks. But a combination of software, skepticism and common sense will go a long way. To prevent Internet phishing, users should know how cybercriminals do this and be aware of anti-phishing techniques to protect themselves from becoming victims.
In 2022, mature organizations provide cybersecurity awareness training for their employees. Particularly when it comes to phishing, cybersecurity is everyone's job.
Tips from OWASP to avoid Phishing:
According to the security awareness training organization KnowBe4, over 90% of data breaches start with a phishing attack. So, are your employees susceptible to phishing attacks? You can find out by deploying phishing security tests and comparing results against industry benchmarks.
Of course, security awareness training and phishing avoidance tactics are only part of a resilient defense-in-depth strategy. Cybersecurity and privacy risks remain among the top threats facing business organizations today. Increasingly, boards are holding information security leaders accountable for return on security investments. This accountability demands a more sophisticated approach to risk management. The goal is to manage business risk using an efficient methodical process.
Risk management identifies, evaluates, and prioritizes risks such as phishing based on the probability and impact of incidents. Risk management, especially for cybersecurity and privacy, is a critical concern for shareholders and other stakeholders, including sales teams, investors, customers and staff.
Cybersecurity is not just an IT issue but a strategic business enabler. Effective organizational cybersecurity contributes to new opportunities to create value. In addition, organizations win trust and accelerate sales by demonstrating their ability to execute cybersecurity and privacy best practices.
At Truvantis, we also have a three-pronged approach to building and maintaining information systems for cybersecurity, privacy and compliance:
Truvantis is a governance, risk management and compliance consulting organization. We specialize in helping our clients by implementing, operating, auditing and testing information security programs that work – balancing budget with organizational risk appetite. Contact us today to speak with a cybersecurity, privacy and compliance expert.