The headlines are full of horror stories lately about cyberattacks and the havoc wreaked by ransomware. But is ransomware the number one threat in the enterprise? How prevalent are phishing-related breaches? What factors influence susceptibility to phishing? And how effective is security awareness training?
Two recent reports attempt to provide answers to these questions.
Dark Reading’s “Strategic Security Survey” highlights the fact that phishing continues to haunt the enterprise, placing ahead of malware and distributed denial-of-service (DDoS) attacks as the most common cause of data breaches in 2021. In fact, more organizations experienced a data breach last year due to phishing than any other cause: 53% of organizations reported a phishing-related breach, compared to malware at 41% and DDoS at 17%. Ransomware-related breaches came up only 13% of the time.
Clearly, ransomware is a significant threat. However, phishing remains the tried-and-true tool of choice for cybercriminals. It is also the primary route for ransomware incursion. Therefore, attention to phishing detection and prevention should be the number one priority in cybersecurity.
“Ransomware gets all the headlines, but bad actors are working day and night to attack your organization where it is most vulnerable — and that is soft attacks on workers via phishing,”