Proofpoint has released the second installment of its Human Factor Report. The report gives in-depth insight into how hackers exploit the “human factor” in targeted attacks, as well as details on the percentage of malicious links in emails that actually get clicked on, the industries and job roles that are most heavily targeted with phishing, what types of phishing campaigns are most successful and how long an organisation has to find and stop a malicious email before it is clicked by an unsuspecting user.
Key findings from the study are below, however a full copy of the study can be found here.
- On average one of every twenty-five malicious messages delivered are clicked by users. The volume of messages an organization receives has little to no impact on the click rate: every organization clicks, and the rate of clicking for an organisation is never zero
- All industries are being targeted with malicious messages, but a few stand out. Users in Banking & Finance received 41% more malicious messages than the average across industries. At the same time, there is no industry that does not receive email-borne advanced threats.
- Cybercriminals no longer focus exclusively on stealing user and account information from banks, and all organizations are now at risk from attacks. While credit card data theft has shifted to any organization of any size that might accept or process credit card payments, the higher value of personal health records (PHR) and insurance cards on the black market are driving attackers to target large and small organizations in health care and insurance. Meanwhile, intellectual property (IP) theft and the opportunity for direct financial transfers means cybercriminals are attacking previously ‘uninteresting’ sectors such as manufacturing, shipping, energy, utilities, and even construction
- All user roles are targeted, though Middle Management has become much more targeted. Managers and Staff clicked on links in malicious messages two times more frequently than Executives. Compared to last year, Managers also received more malicious emails and doubled their click rates.
- Every department is a target, even if some are better than others about clicking on malicious messages. While malicious messages were targeted very evenly across organizational departments, Sales, Finance and Procurement clicked on links in malicious messages 50- 80% more than the average departmental click rate. Attackers are targeting corporate financial users with access to payments and funds transfers, rather than trying to blanket all users.
- The most clicked email lures were Communication Notification lures such as e-fax and voicemail messages alerts. The use of social media invitation and order confirmation lures – the most popular and effective email lures last year – decreased dramatically. Email lures that employ attachments rather than URLs, such as invoice and account statement lures, increased significantly as a vector, on some days driving a 1,000% increase in messages with malicious attachments over the normal volume.
- Clicks happen fast. The clock is ticking: organizations no longer have weeks or even days to find and stop malicious emails, because attackers are luring 2-out-of-3 end users into clicking on the first day, and by the end of the first week 96% of all clicks had occurred.
- Attacks are occurring mostly during business hours. The majority of malicious messages are delivered during business hours, peaking on Tuesday and Thursday mornings, and Tuesday is the most active day for clicking, with 17% more clicks than the other weekdays.
About Proofpoint, Inc.
Proofpoint Inc. (NASDAQ:PFPT) is a leading security-as-a-service provider that focuses on cloud-based solutions for threat protection, compliance, archiving & governance, and secure communications. Organizations around the world depend on Proofpoint’s expertise, patented technologies and on-demand delivery system to protect against phishing, malware and spam, safeguard privacy, encrypt sensitive information, and archive and govern messages and critical enterprise information. More information is available at www.proofpoint.com.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.