90% of All Hacks are Due to Social Engineering and Phishing Attacks

Cyber criminals have increasingly turned to social engineering because it is a highly-effective and subtle way to gain credentials and access to troves of valuable assets.

Here are some statistics you need to know about social engineering…and how to protect yourselves.

– 55% of all emails are spam. (Symantec)

Considering the sheer volume of emails that many of us receive each day, this statistic is important. You may be able to spot more common red flags or obvious spam, but this constant flow of messages wears down your ability to spot the more subtle tricks embedded in messages that are just a few degrees off.

– Only about 3% of malware tries to exploit an exclusively technical flaw. The other 97% instead targets users through Social Engineering. (KnowBe4)

Cyber criminals know that people are often the gateway to valuable credentials and databases or account details. With a simple trick or digital slight of hand on a bad day, they know you could be an easier target than running every username-password combination in a data dump until they get a hit.

– 91% of attacks by sophisticated cyber criminals start through email. (Mimecast)

We must pay more attention to the emails we send and receive! Take the extra time to communicate sensitive information in person, if possible. Be careful about what information you share with a stranger over email, or what information you put about yourself on social media. Sophisticated phishing scams have been known to use information about your networks and position through LinkedIn or Facebook to gain just enough details about you to seem plausible, or pique your curiosity.

This may be the most important information of all!

– The top emotional motivators behind successful phishes are entertainment, social, and reward or recognition. (PhishMe)

As more companies adopt preventative measures, the older motivators like fear and curiosity have caused fewer successful phishing scams. This means that 'consumer scams' targeting employees personally while on the job have increased in frequency. The lines can become blurry when employees are using personal devices for work or checking their social or news notifications whilst taking a break. Improving endpoint device security is one way to combat this shift in phishing tactics. Be careful what you click on.

Here’s a fascinating infographic – https://www.social-engineer.org/wp-content/uploads/2014/04/SocialEngineeringInfographic.jpg

Stay Safe out there and never give up information!