Despite multi-layered security defenses and phishing awareness training for employees, threat actors are using more clever and convincing ways to exploit the human attack surface. In fact, according to Verizon’s 2018 Data Breach Incidents Report, over 90% of breaches start with phishing. Humans remain the weakest link and thus the most effective “exploit” for cyber criminals to use to gain access to sensitive corporate assets.
While email phishing remains a common tactic, most of the anti-phishing security controls and employee awareness training are focused in that area. Still, secure email gateways aren’t perfect, and neither are humans. Workers are fallible, multi-tasking, and more distracted than ever. They sometimes click on email links they shouldn’t. They also use the Web for everyday work or entertainment. Threat actors know this and have updated their tactics accordingly. The threat landscape has changed.
Today, phishing attacks are rapidly expanding beyond email and employ a greater variety of Web-based tactics to conduct phishing campaigns. Workers are now also targeted and exposed to phishing threats via ads, browser pop-ups, search, social media, IM, rogue browser extensions, and more.
To learn more about the new threat landscape with phishing attacks on the Web, please read the following report.