With the lack of high-profile headlines around data breaches this year, you’d be forgiven for thinking the cybersecurity threat is diminishing. Far from it. In fact, Q3 figures from the Anti-Phishing Working Group (APWG) show that the number of phishing attacks is on the rise again, increasing to a level not seen since 2016.
The APWG detected a whopping 266,387 phishing sites in the third quarter of 2019 – a rise of almost 50% from Q2. Have phishing attacks really risen so dramatically in such a short period of time, or have organisations just got better at detecting and reporting them?
It’s probably a bit of both. As organisations become more ‘cyber mature’, they’re getting better at deploying phishing resilience measures and educating their people. Therefore, it’s fair to assume that workforces are more ‘woke’ to the threat of phishing and the typical methods employed by baddies. Organisations are also more aware of the need to report such attacks – GDPR and the Data Protection Act 2018 compel organisations to report breaches. There’s no sweeping it under the rug anymore!
Whatever’s behind the rise, it’s clear that the numbers are not going in the direction we want. Bad actors are getting more organised and patient (sometimes monitoring communications and gathering info for months before they act), and attacks are becoming more complex and sophisticated.
Much like bacteria that’s evolved to become immune to antibiotics, cyber-criminal gangs are constantly evolving their methods, focus and persistence to achieve their goals. Every successful attack provides the motivation (and funds) to continue to evolve and perpetrate more attacks. If we can limit the success of phishing scams right now, we’re cutting off the funds and motivation for future attacks.
Email and software-as-a-service sites remain the biggest targets for phishing criminals. But, due to the nature and increasing sophistication of scams, there may not be the typical warning signs to look out for.
Defending your organisation is a case of building resilience to the specific threats posed by phishing (and this includes educating your workforce), while also engendering a wider culture of cybersecurity. At The RANt Group, we work with some of the UK’s most prominent companies to do exactly that. Discover how our advisory and managed service offerings can help make your organisation more resilient.