Over Half of Organisations Were Successfully Phished In 2019 (Jan 24, 2020)
Eighty-eight percent of worldwide organisations had recorded attempts of spearphishing in 2019 with fifty-five percent of them in total being compromised. These numbers are likely higher due to the fact that companies would prefer not to disclose any compromises and affect company value. There had been a rise of suspicious emails by sixty-seven percent in 2019 compared to 2018. The majority of the compromises come from lack of knowledge on the employees’ side of things with forty-five percent of questioned employees admitting to password reuse and more than half not password-protecting home networks.
Recommendation: It is important that your employees use different passwords for business-related accounts because actors will often test other accounts with previously stolen passwords. In addition, it is crucial that business accounts use a form of two-factor (2FA), or multi-factor (MFA) authentication to make it difficult for actors to compromise accounts. Education is the best defence, inform your employees on what to expect for information requests from their managers and colleagues. Employees should also be aware of whom to contact when they suspect they are the target of a possible spearphishing attack.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.