Cyber threats: trends in phishing and spear phishing – infographic
Phishing is a global problem for businesses as well as individuals, targeting 37.3 billion people globally in the past year
Click to enlarge the infographic above
Most of us have wisened up to basic scams and know better than to accept a Nigerian prince's offer of money, or a miraculous win on a Spanish lottery that you can't quite remember entering. But cyber criminals are raising their game and have evolved their tactics to target the more cyber-aware for greater returns. Sophisticated 'spear phishing' attacks can be hard to spot by the experts; even the largest of organisations is not immune.
What chance does this provide the average company or employee, let alone those who use computers infrequently?
Spear phishing is not random – cyber criminals identify employees within a target organisation and use social engineering tactics to construct a legitimate looking email. The FBI have warned business to be more aware of spear phishing tactics, as hackers target employees with administrative rights or access to critical systems.
91% of APTs (advanced persistent threats) start with phishing attacks and success could give cyber criminals the 'keys' to bypass security and initiate further attacks. Clicking a link doesn't mean that you are immediately compromised; phishing is part of a larger attack.
Hackers need to expose a system vulnerability and be able to install software quickly and quietly. However, cyber criminals use advanced tactics to disguise malicious attachments and sites to trick users into further action.
"The weakest link in computer security is the individual user and they may not realise how easy it is to be fooled into being that weak link … phishing emails are becoming increasingly elaborate and are now successfully used to obtain trade secrets, commercially sensitive information and intellectual property," says Seth Berman, executive managing director at Stroz Friedberg.
How can information security professionals reduce this risk? Like most information security threats, employee education and awareness is key to success.
This infographic by Via Resource highlights trends and targets in phishing attacks.
Click on the image above to enlarge the infographic