2024 State of the Phish

INTRODUCTION

Imagine a successful cyberattack against your organization. What does it look like? Maybe it involves a fiendishly clever piece of social engineering - a convincing lure that catches the recipient off guard. Or maybe it would take a smart technical exploit to get past your defenses. But in reality, threat actors don't always have to try that hard. Often, the easiest way to breach security is to exploit the human factor.

People are a key part of any good defense, but they can also be the most vulnerable. They may make mistakes, fall for scams or simply ignore security best practices. According to this year's State of the Phish survey, 71% of working adults admitted to taking a risky action, such as reusing or sharing a password, clicking on links from unknown senders, or giving credentials to an untrustworthy source. And 96% of them did so knowing that they were taking a risk. When obliged to choose between convenience and security, users pick the former almost every time.

So, what can organizations do to change this? In this report we'll take a closer look at how attitudes towards security manifest in real-world behavior, and how threat actors are finding new ways to take advantage of our preference for speed and expedience. We'll also examine the current state of security awareness initiatives, as well as benchmarking the resilience of people and organizations against attack.

The foundation of this report is a survey of 7,500 end users and 1,050 security professionals, conducted across 15 countries. It also includes Proofpoint data derived from our products and threat research, as well as findings from 183 million simulated phishing messages sent by our customers over a 12-month period and more than 24 million emails reported by our customers' end users over the same period.

TABLE OF CONTENTS

Key Findings
Security Behaviors and Attitudes
    End-user behavior and attitudes
Security Awareness Trends
    Current state of security awareness
    Areas for improvement
The Threat Landscape
    Threat prevalence
    Growing threats: TOAD, MFA-Bypass, QR codes and generative AI
    BEC attacks benefit from AI
    Microsoft remains most-abused brand
    Ransomware still a major concern
    Attack consequences
Organizational Benchmarks
    Industry failure rate
Conclusion

69% know they are responsible for security, but 58% of users either weren't sure or claimed that they're not responsible at all.

10 million TOAD messages are sent every month.

Microsoft continues to be the most abused brand, with 68 million malicious messages associated with the brand or its products.

[…] of users who took risky actions engaged in behavior that would have made them vulnerable to common social engineering tactics.

Security Behaviors and Attitudes

Even the best technical defenses can be undermined if users don't do the basics, such as avoiding suspicious links, verifying the sender's identity and setting a strong password and keeping it to themselves. However, many users fail to follow these simple rules, putting themselves and their organizations at risk.

End-user behavior and attitudes

According to our survey, 71% of users said they took a risky action and almost all of them - 96% - did so knowingly. Among that group, 73% said they'd taken two or more risky actions. And more than a third of the risks they took were rated by those users as either "extremely risky" or "very risky."

[Chart: risky actions taken by users. Categories: Use work device for personal activities; Reuse or share password (26%); Connect without using VPN at a public place; Respond to a message (email or SMS text) from someone I don't know; Access inappropriate website (20%); Click on links or download attachments from someone I don't know; Upload sensitive data to unproven third-party cloud; Give credentials to untrustworthy source; Have never taken a risky action (29%).]

[Chart: Users Who Represent Risk. Categories: Users who have business privilege and access to critical data; Users who are click happy; Users who consistently fail to complete training assignment; Suppliers or business partners; People who are leaving; VIPs, executives.]

Unfortunately, our survey reveals significant overlap between the riskiest behaviors identified by security professionals and the most common risky actions taken by end users. Reusing passwords, using work devices for personal activities and accessing inappropriate websites are among behaviors considered the most unsafe; all of them appeared in the top actions taken by users.

Rank | Top Risks Considered by Infosec | Top Risky Actions Taken
1 | Click on links or download attachments from someone I don't know | […]
2 | Reuse or share password | Reuse or share password
3 | Access inappropriate website | Connect without using VPN at a public place
4 | Upload sensitive data to unproven third-party cloud | Respond to a message (email or SMS text) from someone I don't know
5 | Use work device for personal activities | Access inappropriate website

This overlap suggests that users may be taking some of these actions because they are unaware of just how risky they are considered by security teams.

[Chart: What Policies Motivate Users to Prioritize Cybersecurity. Legible labels: Making security easier for me; Using rewards]
14、pRisksConsideredTopRiskyActionsbyInfosecTakenC1.ickon1.inksOfdown1.oadattachmentsfmsomeoneIdontknowReuseorsharepasswordReuseorsharepassword3 Accessinappropriatewebsite4 Upkxsdsensitivedaktounproventhird*partyc1.oudConnectWiihexJtungVPNatapub1.icp1.aceRespondtamessage(emai1.orSMStext)fromsomeoneI(SernknowUsqworkdeviceforpersona1.actrviticsAccess11appropciatwebsiteThisover1.apsuggeststhatusersmaybetakingsomeoftheseactionsbecausetheyareunawareofjusthowriskytheyareconsideredbysecurityteamsWhatPo1.iciesMotivateUserstoPrioritizeCybersecuritykiA*awu)NoMoV,觥mMakingeecuhtyeasierformeUsingrewards