Acronis on Monday reported that threats from phishing and malicious emails have increased by 60% and the average cost of a data breach could reach $5 million by next year.
The report found that between July and October, the proportion of phishing attacks had risen by 1.3 times, accounting for 76% of all attacks.
“The last few months have proven to be as complex as ever — with new threats constantly emerging and malicious actors continuing to use the same proven playbook for big payouts,” said Candid Wüest, Acronis vice president of cyber protection research at Acronis. “Organizations must prioritize all-encompassing solutions when looking to mitigate phishing and other hacking attempts in the new year.”
Phishing will more than likely never go away and thus teams should have the appropriate compensating controls in place, said Matt Mullins, senior security researcher at Cybrary. While certain aspects, such as maldocs, will probably wither away, we will never truly see the end of phishing because of its value as a low-effort and high-yield attack, said Mullins.
“The value of breaches going up probably has something to do with scarcity of resources and funding as the global markets are impacted,” said Mullins. “While the value of inflation is probably significant, it more than likely is not the driver behind the higher cost to organizations. This leads me to believe that the attackers are getting more efficient at targeting the right data, companies, and clients while also having a more robust network of digital ‘fences’ to sell through. These attributes paint a considerable picture of concern as the costs going up in the current economic downturn means the pain will be double for struggling businesses.”
Darren Guccione, co-founder and CEO at Keeper Security, said it’s difficult for anyone to stay up-to-date on all of the ways cybercriminals are worming into our lives, but it makes sense that simple phishing scams are one of the most prevalent cyberthreats.
“Scammers don’t discriminate and people of all ages fall prey to these schemes, costing consumers hundreds of millions of dollars each year,” Guccione said. “We tend to believe what we see, which is why aesthetics and user interfaces often trump awareness of a nefarious and incorrect URL. The key is to ensure the URL matches the authentic website. When a password manager is used, it automatically identifies when a site’s URL doesn't match what’s contained in the password vault. It's a critical tool for preventing the most common attacks, including phishing scams.”