Learn how hybrid work is fueling ransomware attacks and what to do about it.
Traditional security approaches are flawed, costly, and overwhelming for security teams. Menlo Security is different. It’s the simplest, most definitive way to secure work—making online threats irrelevant to your users and your business.
Our platform invisibly protects users wherever they go online. So threats are history and the alert storm is over.
Traditional network security wasn’t built to address today’s complex enterprise environments. SASE fixes that problem.
Menlo Labs provides insights, expertise, context and tools to aid customers on their journey to connect, communicate and collaborate securely without compromise. The collective is made up of elite security researchers that put a spotlight on the threats you know and don’t know about.
Menlo Labs provides insights, expertise, context and tools to aid customers on their journey to connect, communicate and collaborate securely without compromise.
Share this article
According to JPMorgan Chase CEO Jamie Dimon, “The threat of cyber security may very well be the biggest threat to the US financial system.” Coupled with the fact that financial services is one of the most highly targeted industries, it’s clear financial organizations are in trouble. Reports show a 56% year-over-year increase in digital threats targeting the sector, and according to new research, phishing is a key threat vector.
The overall trend of employees clicking on phishing links is steadily increasing within the financial services industry. From January to September 2019, there was a 147% increase in total number of clicks on phishing links, with one particular attack in May causing a temporary spike of 274% among Menlo Security’s customers. Given the data refers to actual clicks rather than phishing emails received, this means that the attack bypassed all existing security defenses, landed in an inbox and was clicked by an employee—basically a worst case scenario.
The below graph represents data from financial services organizations with anywhere from 3,000 to 150K users, including 7 of the 10 largest banks and 4 of the 5 largest credit card issuers.
Bottom line is this: phishing still works. The overall trend of employees clicking on phishing links is steadily climbing, and the unfortunate reality is that attackers are getting better. Despite advances in security technology and new products, phishing attacks still seem to be effective. Attackers are modifying their methods to bypass security defenses and reach end users. For instance, they’re increasingly hosting malicious content or files on SaaS services to trick users and security products into thinking the email is for a legitimate business purpose.
As enterprise cloud applications like Box, Salesforce, OneDrive, DropBox and others are adopted more widely, there’s been a surge in phishing/credential theft carried out on those cloud services. Attackers are targeting cloud hosted applications trusted by enterprises to increase their probability of breaching a company, with OneDrive being the most popular application used for phishing, likely because so many enterprises are moving to Office 365.
Traditional security products are unable to successfully detect phishing attacks because they are fighting a losing battle and trying to detect what is good vs. bad. Vendors will always be one step behind, and this data shows that financial services organizations are clearly not keeping pace with the bad guys. The time is now for organizations across industries to embrace isolation and empower Secure Cloud Transformation. Learn more about how the Menlo Security Cloud Platform allows enterprises to embrace Secure Cloud Transformation here.
Vinay Pidathala on Dec 17, 2019
Threat Trends & Research
To talk to a Menlo Security expert, complete the form, or call us at (650) 695-0695.