There is no need for cybercriminals to launch sophisticated attacks, or exploit vulnerabilities, to gain access to valuable information; a simple phishing email is all that's needed to convince a worrying number of people to hand over their login credentials. This is just one of the findings of a new security report due to be published by Verizon.
The telco reports that more than two-thirds of security breaches involve phishing tactics. The number of people who fall for this type of scam means that phishing remains successful and popular as a means of extracting data from people. In this age of technological enlightenment, it might come as a surprise that more than one in 10 people who receive a phishing email open attachments or click the links they contain.
System administrators will no doubt be vexed to learn that despite their hard work it is user error that is the greatest threat to any computer system. Verizon's Data Breach Investigations Report for 2015 reveals that while scattergun phishing attacks are still used, targeted attacks are increasingly common. Large businesses are frequently targeted simply because of the volume of email they deal with, making it more likely that mistakes will be made and malicious emails will not be recognised for what they are.
By aiming for a company's Achilles' heel - dumb, trusting users - cybercriminals are saved the effort of having to launch more elaborate and sophisticated attacks. As with so many issues that centre around technology, a large part of the solution is education. It might be the case that nearly a quarter of phishing email recipients open said messages, but this might be out of nothing more than mocking curiosity; it is the 10 per cent who click through who are in need of further training.
This is particularly important when you consider that it is not just the personal information of the email recipient that is at risk. Target a large company with a successful phishing attack, and the details of hundreds of thousands of customers could be opened up. Verizon's conclusion is that two-factor authentication is an ideal way to keep data locked down, although the fact that well-publicised vulnerabilities remain unpatched means that this is something that also needs attention.
The report also investigated the threat posed by mobile devices. This is the first year Verizon has included a mobile section in its annual report and the findings are perhaps a little surprising. The majority of mobile threats involve adware, and at the moment there is little evidence of wide-scale targeting of corporate users - which could well be indicative of the emphasis companies have placed on ensuring that smartphones and tablets are secured.