We often say that when it comes to protecting an organization from cybersecurity threats, no one solution is adequate. Traditional security protocols that rely on URL inspection, domain reputation methods, or blacklists, become outdated quickly and just aren’t fast enough. And, frankly, they cannot adequately secure an organization from the largest security gap – the human element.
Security threats are evolving and becoming more sophisticated. A trend has emerged revealing that phishing threats are outpacing malware as the largest attack vector, which exposes the human element to greater scrutiny in the overall threat landscape. Data sourced by Google from millions of Chrome users during the 2009 to 2018 timeframe shows the number of unsafe websites detected per week for malware declining while phishing sites continue to grow.
With the knowledge that most antivirus and similar existing security technologies are focused on preventing malware, and not designed to catch phishing or social engineering attacks, bad actors have evolved. They have become more proficient in their approach, increasingly targeting human nature which is why there has been a rise in phishing. And we see this trend across our networks as well. Three to four years ago, we were catching much more malware than we do now. During the last two years, 90% of the infections that we see across our customer base are predominantly phishing and social engineering attacks.
The phishing attacks have evolved as well. Fake login pages are no longer the only game in town. HTML phishing can be delivered straight into browsers and apps, bypassing security infrastructure (SEG, NGAV, NGFW, AEP) and evading legacy security methods. Employees can’t always spot the fakes, and traditional defenses that rely on URL inspection, domain reputation, and blacklists just don’t react fast enough.
An Osterman Research report we commissioned earlier this year also found that humans are the weak link in the security chain. The survey conducted found that three percent of users are never trained on detecting phishing and security threats, 30 percent receive training only once per year, and another 21 percent are trained only twice per year. Overall, more than half of users receive minimal or no training on how to deal with the myriad of security threats they encounter very regularly. While we certainly recommend employee training, it simply isn’t enough!
Going back to 2015, we saw how spear phishing led to the largest health data breach at the time, exposing 78.8 million patient records from Anthem. Today, phishing threats and attacks are even more advanced and target users across numerous attack vectors. A Bloor Report late last year – Security is a Human Problem – drew this bottom line:
Human nature is a key vulnerability and attackers know how to exploit it. People are the weakest link. But only lip service has been paid to this for too long. Technology is available to rectify this situation and every organization should take note.
SlashNext Real-Time Phishing Threat Intelligence is the industry’s broadest, most up-to-the-minute intelligence on phishing threats. It is powered by SEERTM (Session Emulation and Environment Reconnaissance) threat detection technology using virtual browsers in a purpose-built cloud to dynamically inspect sites with advanced computer vision, OCR, NLP, and active site behavioral analysis. Machine learning enables definitive verdicts—malicious or benign—with exceptional accuracy and near-zero false positives. Unlike other anti-phishing technologies and threat feeds, SlashNext covers all six major categories of phishing and social engineering threats–credential stealing, scareware, rogue software, phishing exploits, social engineering scams, and phishing callbacks (C2s).
Human nature and fallibility are the weak links in network security and no match for most cybersecurity protection because of latency. Real-time phishing detection is the only true solution in today’s threat landscape. See for yourself, try SlashNext Real-Time Phishing Threat Intelligence free for 15 days.