Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementTechnologies & SolutionsSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceCybersecurity News

Prepare to defend: Why combating phishing attacks requires a proactive approach

By Deepak Gupta
Virus Detected
August 18, 2020

Whether you are a small enterprise, a large corporation, or something in between, phishing is one of the most damaging and vicious threats that you have to prepare for. It is so serious that security analysts predict it will be their topmost concern.

As per Verizon 2019 DBIR, phishing has emerged as the leading cause of data breaches across companies, and there is a worrying rise in the number of phishing attacks. This is all the more reason for companies to step up their security to identify how to prevent phishing.

So what exactly is phishing, and why should you be afraid of it? 

Phishing, a sophisticated cyberattack, is a means of gathering personal information through the use of deceptive websites and email. Employing disguised emails sent to unwitting users, the perpetrators of the attack to convince the user that they are someone the user wants or knows. It can be cloaked as anything, ranging from a bank request to a message from a coworker.

Scarily, phishing, which is considered one of the oldest types of cyberattacks, is increasingly becoming more sophisticated, indicating that the perpetrators are evolving with the latest countermeasures.

 

Phishing trends across the board

  • Given how dangerous phishing is, companies keep close track of this phenomenon, and this has given rise to some interesting data that will make even the most hardened security executive nervous.
  • As per Proofpoint’s latest State of the Phish report, which examined phishing attacks globally and from multiple sources, including a seven-country-wide survey of 600 Infosec professionals, 90 percent of companies had fallen victim to targeted phishing in 2019. 
  • While 88 percent of these were spear-phishing attacks, 86 percent of the attacks were perpetrated by compromising business emails (BEC attacks). It is worth noting that the Proofpoint threat intelligence found data that confirmed the rise in the move towards more targeted and personalized attacks via bulk email campaigns. 
  • 2019 also has the distinction of being the year that saw 90 percent of all companies surveyed by ProofPoint being the victim of spear-phishing attacks, which has placed all the more pressure on security executives to mitigate phishing attacks.  
  • In another worrying trend, brazen cybercriminals have, in some instances, taken the phishing game out of the realm of the inboxes. Professionals at Infosec have reported a huge spike in the deployment of social engineering attempts in the year 2019.
  • Notably, the social media of around eighty-six percent of organizations have been targeted, while eighty-one percent of companies found malicious USB drops taking place. 
  • At eighty-three percent, instances of vishing or faced voice phishing gave no reason for security professionals to cheer. Moreover, a staggering eighty-four percent reported that they had been the victims of smishing, a creative expression used for SMS/text phishing.

 

Methods of phishing

There are myriad ways by which a cybercriminal can carry out a successful phishing attack on an unsuspecting victim. 

  • Spoofed Login Pages: One common way that people or corporations are defrauded is through the use of spoofed login pages. The attacker employs an innocent-looking prompt for a login-id and password that is a malicious program to steal information. 
  • Impersonation: Impersonators trick users by pretending to be someone the user would most certainly reply to, such as their bank or a client. Let us look at a phishing attack example. For instance, a cybercriminal might send an email to the victim pretending to be their bank, requesting sensitive financial information.
  • Malicious Attachments: An email with as inconspicuous a title as ‘family photos’ might come with attachments containing dangerous malware that might compromise your valuable private data if you click on it.
  • Messenger Apps: Another insidious manner in which criminals gain access to private information is by pretending to be acquaintances on messenger apps.
  • Phishing with Shared Files: As a counter to the security measures enacted by email companies, attackers have further shown the capacity to infiltrate shared files with their malware.

 

Purging our inboxes—a guide to the proactive action you can take, and how to detect successful phishing attacks

  • Creating awareness can go a long way; advise employees to be wary of suspicious attachments, popups and messages supposedly from their coworkers. 
  • Spending, or rather investing, money on powerful anti-phishing technology can reap rich dividends. Blacklist-based solutions utilized by Google has been shown to bring down the number of malicious URLs by a remarkable 90 percent.
  • Besides training employees in the use of anti-phishing tools, security executives must also test their training’s effectiveness by conducting mock phishing campaigns. 
  • Another way to go would be the enhanced security implementation of identity management through passwordless login or multifactor authentication.
  • Employing powerful domain name spoofing protection for your company and ensuring the verification of the target site’s SSL credentials will provide you with another layer of security to protect your valuable data.

 

Some closing thoughts

If there is one thing that you can take away from this article, it is the significance of being proactive, to protect people, brands, and their data from being phished. Such protective measures, albeit small, can go a long way in protecting organizations from the dangerous attacks of threat actors, whose modus operandi for phishing is constantly evolving.

KEYWORDS: cyber security information security phishing risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Deepak Gupta is the CTO and co-founder of LoginRadius, a rapidly-expanding Customer Identity Management provider. He's dedicated to innovating LoginRadius' platform, and loves fooseball and winning poker games! Connect with him on LinkedIn or Twitter.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Enterprise Services
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    New Security Technology
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Red laptop

Cybersecurity leaders discuss Oracle’s second recent hack

Pills spilled

More than 20,000 sensitive medical records exposed

Coding on screen

Research reveals mass scanning and exploitation campaigns

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

November 17, 2025

SECURITY 500 Conference

This event is designed to provide security executives, government officials and leaders of industry with vital information on how to elevate their programs while allowing attendees to share their strategies and solutions with other security industry executives.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • physical security

    A proactive approach to cyber and physical security

    See More
  • auditing-freepik1170x658v4.jpg

    Proactive auditing — a key component to an offensive cybersecurity approach

    See More
  • AI-powered phishing

    Combating the rising threat of AI-powered phishing attacks

    See More

Related Products

See More Products
  • physical security.webp

    Physical Security Assessment Handbook An Insider’s Guide to Securing a Business

See More Products

Events

View AllSubmit An Event
  • September 3, 2024

    From DDoS Protection to WAAP: How Layered Protection Enhances Your Cybersecurity Strategy

    ON DEMAND: By participating in the webinar, attendees will gain enhanced knowledge of cyber threats and understand the current spectrum of cyber threats facing businesses.
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing