According to JPMorgan Chase CEO Jamie Dimon, “The threat of cyber security may very well be the biggest threat to the US financial system.” Coupled with the fact that financial services is one of the most highly targeted industries, it’s clear financial organizations are in trouble. Reports show a 56% year-over-year increase in digital threats targeting the sector, and according to new research, phishing is a key threat vector.
The overall trend of employees clicking on phishing links is steadily increasing within the financial services industry. From January to September 2019, there was a 147% increase in the total number of clicks on phishing links, with one particular attack in May causing a temporary spike of 274% among Menlo Security’s customers. Because the data counts actual clicks rather than phishing emails received, each click means that the attack bypassed all existing security defenses, landed in an inbox and was clicked by an employee, which is basically a worst-case scenario.
The graph below represents data from financial services organizations with anywhere from 3,000 to 150K users, including 7 of the 10 largest banks and 4 of the 5 largest credit card issuers.
The bottom line is this: phishing still works. The overall trend of employees clicking on phishing links is steadily climbing, and the unfortunate reality is that attackers are getting better. Despite advances in security technology and new products, phishing attacks still seem to be effective. Attackers are modifying their methods to bypass security defenses and reach end users. For instance, they’re increasingly hosting malicious content or files on SaaS services to trick users and security products into thinking the email is for a legitimate business purpose.
As enterprise cloud applications like Box, Salesforce, OneDrive, Dropbox and others are adopted more widely, there’s been a surge in phishing and credential theft carried out on those cloud services. Attackers are targeting cloud-hosted applications trusted by enterprises to increase their probability of breaching a company, with OneDrive being the most popular application used for phishing, likely because so many enterprises are moving to Office 365.
Traditional security products are unable to successfully detect phishing attacks because they are fighting a losing battle: trying to distinguish what is good from what is bad. Vendors will always be one step behind, and this data shows that financial services organizations are clearly not keeping pace with the bad guys. The time is now for organizations across industries to embrace isolation and empower Secure Cloud Transformation. Learn more about how the Menlo Security Cloud Platform allows enterprises to embrace Secure Cloud Transformation here.