A new report has revealed that phishing was up 74% in Q2 of 2015 and that, as a result, malicious DNS-related cyber-activity also skyrocketed. Kevin Epstein, VP of Advanced Security and Governance at Proofpoint, commented on the findings.
Kevin Epstein, VP of Advanced Security and Governance at Proofpoint:
A. The report states that phishing was up 74% in Q2 2015. Has Proofpoint witnessed the same?
“While spam volumes fluctuate on a weekly basis, what’s of greater concern is the percentage of that unwanted mail that’s actually malicious in nature. On any given day, more than 30% of ‘spam’ actually contains weaponized attachments or URLs – and mischaracterizing those emails as spam results in them being placed in user-releasable quarantines, a significant security risk. The increase in breaches resulting from such email-borne attacks points to a clear need for modern targeted attack protection and threat response systems.”
B. Has phishing increased in 2015, in comparison with 2014?
“Malicious attacks have absolutely increased in comparison with 2014. On any given day, more than 30% of ‘spam’ actually contains weaponized attachments or URLs — with a bias towards corporate-focused targets, as outlined in the Human Factor report, emphasizing the need for modern targeted attack protection and threat response systems.”
C. What more can be done to help educate computer users on phishing?
“Like fire drills, training using ‘phish’ sent by a testing company can assist in training users — but as our research has shown, even best-in-breed organizations and staff are still fooled. Statistically, everybody clicks — so it’s crucial to augment training with a modern targeted attack protection and threat response system that assumes there will be clicks and engages accordingly.”
D. Why do so many cybercriminals resort to phishing, rather than exploiting a company’s security solutions?
“As Proofpoint’s annual report, The Human Factor*, outlines — the weakest point in cybersecurity is between the keyboard and chair. Finding exploitable bugs in software code is difficult and expensive, and once found, such exploits can be plugged. People, on the other hand, have fallen victim to social engineering for centuries — variants on the classic 419 scam date back to at least the 1800s. It’s easier and cheaper for attackers to exploit people rather than systems; thus, the need for modern targeted attack protection and threat response systems.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.