Phishing Attacks At An All Time High
Phishing attacks are at an all-time high and they’re becoming costlier every year. Phishing is an especially common form of cyberattack, since it can be done by virtually anyone with enough time and a small amount of technical knowledge.
In fact, other common attack vectors like ransomware, data theft, and other dangerous cyberattacks usually start with a targeted phishing campaign before escalating.
The Cost of Phishing Attacks
As simple as phishing sounds, it can often lead to disastrous results for the victim organizations. The average annual cost of phishing attacks increased to $14.8 million in 2021.
This increase is mainly due to the higher costs associated with resolving successful malware attacks, which jumped from $338,098 in 2020 to $807,506 in 2021.
Other cost increases included lost productivity as employees dealt with the consequences of phishing attacks, as well as increased costs in dealing with stolen credentials. Business Email Compromise (BEC), a type of cyberattack involving deceptive or misleading emails, cost companies an average of $5.7 million in 2021 alone.Â
Since 2015, the average cost of phishing attacks has quadrupled, and it doesn’t show any signs of slowing down.
The cost of cleaning up a successful breach can have far-reaching impacts beyond just the direct loss to the attacker, as Colonial Pipeline found out in 2021. After paying $4.4 million in ransom, they had to deal with the mess created by losing an entire week of operation. This is a huge problem for a company that supplies 45% of the petrol, diesel, and jet fuel for the entire East Coast! The attackers gained access to the company’s servers by using phishing attacks to steal an employee’s password.
The True Dangers of Phishing for Businesses
While many businesses are aware that phishing is a dangerous threat, these 10 facts can shed light on just how dangerous these simple attacks be:
- 69% of all BEC attacks are related to spear phishing, a type of phishing that targets specific individuals in an organization rather than casting a wide net
- Phishing attacks doubled from early 2020 to 2021, with an equally large increase in the number of different brands being targeted by attacks (from 400 to 700)
- SaaS and webmail (29.1%), as well as financial institutions and payment providers (24.9%), were the most common targets of phishing attacks in 2021
- 49% of BEC attacks involved spoofing a personal or company identity in the display name of the email, often a boss or manager’s name
- Employees face an average of 14 malicious emails per year, with some employees like retail workers getting an average of 49
- Throughout 2020, 86% of organizations had at least one of their employees try to connect to a phishing site, likely from clicking a malicious link
- 96% of phishing attacks are carried out through email, with 3% from malicious websites and 1% over the phone
- Phishing attacks increase an average of 150% the week before Christmas
- 38% of phishing emails contain links to malicious websites in the email body, with 36% containing malicious attachments
- 60% of organizations lost data in a phishing attack, and 52% had company accounts and credentials compromised
Despite the bleak statistics, there is still some good news. Training and awareness that specifically addresses phishing can reduce the cost of phishing attacks by 53% on average.
By helping your employees learn to recognize and avoid phishing attempts, you can shield your organization from the brunt of the costs.Â
Remember – it’s not “if” a breach happens, it’s “when”, therefore you’ve got to be proactive.
Contact us today for more information, or schedule a free, 15 consultation with one of our Senior IT Consultants! We will be happy to answer any questions or concerns you may have. Alternatively, visit www.optistartech.com to learn more about the services we provide.
Don’t forget to check out our other articles here to learn more about cybersecurity, security solutions, and IT management for organizations!
