Mon. Nov 18th, 2019

Five 2019 Phishing Statistics Every Business Should Know

One of the biggest threats to organizations is also one of the things professionals use on a day-to-day basis — email. That’s because the majority of cyberattacks begin with a phishing email.

 

As technology continues to advance, phishing attacks continue to grow in sophistication and effectiveness. So, in many cases, it’s hard to tell the difference between a legitimate email and a malicious one. Even worse, phishing is one of the cheapest and easiest cyberattacks for criminals to deploy. This is why phishing is used in so many hacking campaigns.

 

Which brings us to why we’re here — 2019 phishing attack statistics.

 

1 — Nearly one-third of all data breaches in 2018 involved phishing

In 2018, 32% of data breaches involved phishing. And, “phishing was present in 78% of Cyber-Espionage incidents and the installation and use of backdoors.”

 

2 — One in five branded emails is a phishing email

Cyber security platform, Avanan reports that the two most popular brands malicious actors pose as are Microsoft (42%) and Amazon (38%).

 

3 — 48% of malicious email attachments are Microsoft Office files

Most organizations use Microsoft Office for their day to day functions — a fact that phishers tend to exploit. According to data from Symantec’s 2019 Internet Security Threat Report (ISTR), hackers often disguise their malware as Office file email attachments to trick users into clicking it.

 

4 — 58% of phishing sites used SSL certificates

Remember when we mentioned that phishing attacks are getting more sophisticated. Well, one of the ways cybercriminals have evolved is by using SSL certificated. In fact, in Q1 2019, more than half of phishing sites were using SSL certificates.

 

5 — 30% of phishing emails bypass default security measures

Avanan research shows that nearly one-third of phishing messages get past companies’ default security methods.

Conclusion

As the above phishing stats show, the methods that cybercriminals are using to target their victims are changing, so organizations need to change with them.