The 2018 State of Phishing Defense Report highlights top phishing email subjects and industries most susceptible and resilient to phishing attacks
Leesburg, VA – October 11, 2018 – Cofense™, the leading provider of human-driven phishing defense solutions worldwide, today released the findings of their report, “The State of Phishing Defense 2018: Susceptibility, Resiliency, and Response to Phishing Attacks” which reveals today’s top phishing attacks and how companies can effectively manage those risks.
Recent industry reports show that email delivers a staggering 92% of malware1 and by the end of 2017 the average email user received 16 malicious emails per month.2 While it’s impossible to completely eliminate phishing and email-based threats, organizations look to minimize the risk associated with those threats. The Cofense report features real and simulated threat findings generated from their internal research teams and across a sampling of their global customer base; real data from 1,400 customers in 50 countries and 23 major industries, including half of the Fortune 100.
Overall, Cofense analyzed more than 135 million phishing simulations, 800,000 reported emails and nearly 50,000 real phishing campaigns targeting organizations in 23 industries ranging from healthcare, financial services to manufacturing. The findings highlighted that thus far in 2018, one in ten reported emails were verified as malicious and more than half of those were tied to credential phishing where a fraudulent email attempts to gather login and system information from users.
Other key findings include:
- 21 percent of reported crimeware emails contained malicious attachments.
- The term “Invoice” is one of the top phishing subjects and appeared in six of the ten most effective phishing campaigns in 2018.
- The overall resiliency rate of users has grown over the past four years, thanks in part to a big increase in the reporting rate (6 percent, up from 14 percent three years ago).
- Companies in the utilities and energy industries built up the most resiliency to phishing over time, but all industries considered critical infrastructure still have work to do.
“We founded Cofense on the principal that the human element, the users who are targeted, are a critical factor in defending against phishing threats,” said Aaron Higbee, Co-founder and CTO of Cofense. “We see phishing emails bypass technology controls every day and more and more end-users recognizing and reporting these threats that slipped past million-dollar defenses. The results of our research detailed in the ‘State of Phishing Defense’ shows that resiliency is building across key industries thanks to those same people that were once deemed as the weakest-links in an organization. These trends are powerful and reinforce that humans are a key element to a successful security program.”
The full report is available for download here: https://cofense.com/state-of-phishing-defense-2018/
Cofense correlated customer simulation data with real attack data seen in Cofense’s Phishing Defense Center, a managed service that analyzes thousands of reported phishing emails every day. Findings were fortified by the insights of Cofense IntelligenceTM, which collects millions of malicious emails daily and performs human analysis on thousands of real phishing campaigns per month.
Cofense™, formerly PhishMe®, is the leading provider of human-driven phishing defense solutions world-wide. Cofense delivers a collaborative approach to cybersecurity by enabling organization-wide engagement to active email threats. Our collective defense suite combines timely attack intelligence sourced from employees with best-in-class incident response technologies to stop attacks faster and stay ahead of breaches. Cofense customers include Global 1000 organizations in defense, energy, financial services, healthcare and manufacturing sectors that understand how changing user behavior will improve security, aid incident response and reduce the risk of compromise. To learn more, visit https://cofense.com/.
Global Corporate Communications
- Verizon, Data Breach Investigations Report, 2018.
- Symantec, Internet Security Threat Report, 2018.