Phishing Attacks Are Tiny by Volume, and Massive by Impact

As a tech company, we’re obligated to brag about big numbers — petabytes of data, gigaflops of processing — but I’m actually about brag about a really small number: 0.1%. Any idea what it is? I’ll give you a hint: If you’re in cybersecurity, it’s the only number that matters.

That’s the average volume of phishing attacks encountered corporate users across email, web and network traffic. It’s a tiny number. But it’s responsible for more than 95% of all of the damage in cybersecurity — a number expected to reach $2.1 trillion by 2019. But that tiny number of malicious emails happens to be a number that we totally eliminate.

If you’re a security professional, or you run a business, you should ask yourself if your cybersecurity dollars are aligned to stopping that threat.

If you ask an infosec professional what they’re spending their money on, phishing won’t get a line item. Firewalls and fancy equipment won’t fix it. It’s no wonder companies are spending more and more on insurance, throwing up their hands, and waiting to get hacked.

With globally distributed sensors and comprehensive preemptive-attack analytics, Area 1 stops phishing campaigns, before they cause damage. We use these insights to stop the phishing attacks across email, web and network traffic.

When it comes to email, it’s the best of times and the worst of times. Just a few years ago, most companies hosted their own unwieldy email servers. Our latest email services require less staff for updates and security and are more mobile than our inboxes of yore.

And up until recently opening your email meant sifting through email about off-brand Viagra and Nigerian princes. Those bad old days for high volume unwanted emails are mostly behind us thanks to some real progress on blocking spam and commodity threats that also comes included with the cloud email platforms.

That’s the good news. The bad news is our email is the now place that company-shaking (and election-shuddering) hacks start. We’ve gotten very good at “commodity threats” in our inboxes, the type of messages delivered to thousands of people, but in some ways that success has made us more complacent about a bigger threat: phishing emails.

Unlike spam, phishing emails can be extremely hard to detect, and use a variety of psychological tactics and personal research to get through. No spam filter can stop that. Some phishing emails, like the Business Email Compromise (BEC), don’t even rely on attachments or malware.

Employees can fall for phishing emails at home and then bring them to the office. Malicious emails can come from people you know, or your own supply chain or partner ecosystem.

Web phishing is a vital part of email phishing campaigns. Even casual browsing can take an employee to a malicious page where a drive-by download can infect them with malware. Your security has to protect against watering hole attacks, malvertising, and credential harvesting. Even “good” websites can be hijacked in parts, like their ads, to deliver malware or lead you to dangerous parts of the web.

The near constant stream of stories about major hacks is proof of this primary pain point. Phishing is the scourge of our current technology. It’s also a problem we solve, in your inbox, when you are browsing the web and at your network edge. And we extend the coverage to your small and midsize strategic partner companies, to keep threats from coming through them into your network.

The number 0.1%, is really important to Area 1 Security because it’s a number we totally stop. We guarantee that your company won’t get breached by phishing if you’re using our solution across the email, web and network traffic.

Want to keep up to date with the latest phishing trends? 

Subscribe to our newsletter here!


How to replace your email gateway with Cloudflare Area 1

Leaders and practitioners responsible for email security are faced with a few truths every day. It’s likely true that their email is cloud-delivered and comes with some built-in protection that does an OK job of stopping spam and commodity malware.

Introducing email link isolation – Email gateway replacement playbook

This week was a big one for us at Cloudflare, one of our four innovation weeks which we hold annually, showcasing new developments, product news and reference architectures.

Superhero strategies for the Phish Fight

Today is National Superhero Day, and we would like to dedicate this day to you—the SOC teams and the security experts on the frontline of the phish fight.