The State of Phishing Report exposes phishing attacks to the root cause in over 95 percent of breaches. Sophisticated phishing campaigns assault businesses across all vectors: email, web, and network, resulting in theft of intellectual property, data loss, financial damage, brand erosion, and ongoing harm to the brand. Existing defenses have failed to eliminate phishing because they are:
- Focused on general email spam or web compliance
- Reactive and unable to identify small but key patterns
- Siloed on individual delivery methods and not comprehensive
- Focused on awareness rather than decisive deterrent action
The lexicon describing cybersecurity threats has exploded, creating confusion as well as hampering action towards achieving measurable results. Attacks such as BEC, whaling, ransomware, and watering hole are all caused by phishing. These attempts to lure users into opening emails, clicking on links, downloading files, transferring money or data, and entering information such as passwords into websites should be identified and defined by their intent, and not technical method or the effect they cause. All are forms of phishing.
In this phishing report, we see many statistics that rank phishing in the 90th percentile as the cause of data breaches. Regardless of the true percentage point, phishing is clearly the most effective method of hacking, with the most severe consequences.
Even the most credible statistics may employ different terms to describe what is essentially the same thing. This can distract customers from attacking the root cause of their problem and instead focus their attention—and their dollars—on solving symptoms.