In The Human Factor Report 2022, security vendor Proofpoint found that SMS phishing (smishing) attacks more than doubled year-on-year in 2021. The report is based on their analysis of over 2.6 billion email messages, 49 billion URLs, 1.9 billion attachments, 28 million cloud accounts and 1.7 billion mobile messages.
The study details most common attack surfaces and methods including categories of risk, vulnerabilities, attacks, Russian Aligned APT’s, and Privilege as a vector.
- 50% – Managers and executives make up only 10% of users, but almost 50% of the most severe attack risk
- 100k – Attackers attempt to initiate more than 100,000 telephone-oriented attacks every day.
- Malicious URLS are 3-4x more common than malicious attachments.
- Smishing attempts more than doubled in the U.S. over the year, while in the U.K. over 50% of lures are themed around delivery notification.
- More than 20 million messages attempted to deliver malware linked to eventual ransomware attack
- Data loss prevention alerts have stabilized as businesses adopt permanent hybrid work models.
- 80% of businesses are attacked by a compromised supplier account in any given month.
- 35% of cloud tenants that received a suspicious login also saw suspicious post-access activity.
Cybercriminals continue to rely on human interaction to click malicious links, download dangerous files, inadvertently install malware, transfer funds, and disclose sensitive information. The security of an organization can be addressed by tackling the password issue head-on by completely removing passwords from the equation.
By eliminating the use of knowledge-based authentication users cannot share credentials and phishing attacks cannot capture passwords (since there are none to expose). Brute force attacks are ruled out because bad actors can’t guess a password that doesn’t exist, and keyboard recorders can’t capture password information. Password-less authentication is of interest to all types of organizations, public and private, regardless of where they are on their digital transformation journey.
The global pandemic has amplified the need for simple and secure access for employees, customers, and partners because these groups now work or operate from any location that can’t be secured by IT security. With the surge in gas prices remote work will remain the norm and a world where zero trust is the only solution will remain. We are living in a world where Passwordless authentication should be the norm.