Phishing attacks have continued to increase over the last year and are one of the biggest cyber risks for companies. The loss of data leads to high costs and can sometimes even result in the closure of the company.
Phishing remains one of the biggest cybersecurity threats and poses significant risk to virtually all organizations and businesses. Cyber attacks are not only becoming more sophisticated every day, but also more numerous: According to a study by Egress, 94 percent of companies were affected by phishing attacks in 2023. Additionally, 91 percent of companies struggled with data loss and exfiltration. The top three causes of data loss were reckless behavior, human error, and malicious exfiltration.
The serious consequences of a phishing attack
The negative effects of data loss are diverse, says Dr. Martin J. Krämer, Security Awareness Advocate at KnowBe4. Businesses may suffer loss of customers, reputational damage, litigation and, in more serious cases, may have to cease operations altogether. The survey found that 58 percent of companies had to cease operations after internal information barriers were breached via email. Last year, more companies were affected by security incidents caused by data loss and exfiltration than the year before: A full 94 percent of companies surveyed said they were negatively affected by phishing, an increase of eight percent compared to last year's report before. Another important finding is the finding that 79 percent of account takeovers were due to phishing attacks.
Criminals sell login details of hacked employee accounts
Phishing is the most common tactic for credential harvesting and account takeover. These emails often contain a link to a website that collects login information. Account takeover is understandably one of the biggest stressors for cybersecurity leaders. Once threat actors gain access to an employee's account, they use it to sell credentials to other cybercriminals and send phishing emails that are difficult for traditional security systems to detect because the threat comes from a trusted domain.
Organizations continue to face challenges when it comes to advanced phishing attacks, user misconduct and data exfiltration, so it is important that employees receive appropriate training to strengthen the security culture within their organization.
More at KnowBe4.com
About KnowBe4 KnowBe4, provider of the world's largest platform for security awareness training and simulated phishing, is used by more than 60.000 companies around the world. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness of ransomware, CEO fraud and other social engineering tactics through a new approach to security education. Kevin Mitnick, an internationally recognized cybersecurity specialist and KnowBe4's Chief Hacking Officer, helped develop the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as the last line of defense.
Matching articles on the topic