We published the infographic “Phishing Analytics” (English, Portuguese and Spanish) that compiles interesting facts about the behavior of people in relation to fraudulent messages, including Phishing, Vishing and SMiShing.
In addition to already be a problem on its own, we emphasize that this kind of message is increasingly used to disseminate Advanced Persistent Threats (APT), which can cause serious financial and brand damage to corporations, see the recent cases of Banks, Credit Cards, Retail, Sony, among other companies.
Phishing is actually the first stage of a major invasion, and by its nature, developed to a single use, such as the technique of Spear Phishing, it becomes very difficult to detect and blocked only by technology. Trend Micro said in their study that 91% of APTs start through a Phishing.
The result of this “easy way” to circumvent technologies with people’s lack of knowledge, skills and established processes, corroborates the data that showcases two (02) in every five (05) companies had some type of Data Breach or Theft in recent years.
The PhishX analyzes the behavior and trends of Phishing, especially in its PhishX Analytics platform, which analyzes market indicators, main reasons and effectiveness of the methods and targets of those messages.
In Brazil, the companies that have large dissemination of its brands, especially in the B2C market (Business to Consumer), such as Financial, Telecommunications and Retail, continually suffer from fraudulent messages.
In parallel, following our culture, the main reasons used in these messages are highly valued items such as Travel and Vacation Packages, Social Networks and Online Sales.
By analyzing years of data in our platform, and anonymously using the data of our customers, we identify some indicators that prove the efficiency of Phishing, regardless of industry sector or company size.
Do not matter if we focus on Mobile Device (Smartphones, Tablets, etc.), Computers, or people, the average of the first Phishing simulations is an alarming 40% efficiency, which gives four (04) within ten (10) people. Multiplying this by the amount of people in your organization, the number of people who may fall into this kind of threat can get in the hundreds or thousands.
Another interesting point of view is the average time to the first person to fall in the simulation, which today is up to 27 seconds on average.
After the simulation, we train people to improve their knowledge about how to identify and suspect Phishing and to improve their ability to report the incident to the responsible staff, usually the company’s Security Team. The indicators improve dramatically in recurring campaigns, reaching numbers less than two digits after the sixth sequential month.
PhishX is a solution based on People-Centric Security (PCS) strategy that approaches information security with emphasis on individual accountability and trusty. Improving knowledge and behavior of people with continuous training and your company will be better prepared to affront the war against fraud.
Do you want to know more? Contact PhishX or one of ours partners and ask for a demonstration.