2024 State of the Phish

INTRODUCTION

Imagine a successful cyberattack against your organization. What does it look like? Maybe it involves a fiendishly clever piece of social engineering - a convincing lure that catches the recipient off guard. Or maybe it would take a smart technical exploit to get past your defenses. But in reality, threat actors don't always have to try that hard. Often, the easiest way to breach security is to exploit the human factor.

People are a key part of any good defense, but they can also be the most vulnerable. They may make mistakes, fall for scams or simply ignore security best practices. According to this year's State of the Phish survey, 71% of working adults admitted to taking a risky action, such as reusing or sharing a password, clicking on links from unknown senders, or giving credentials to an untrustworthy source. And 96% of them did so knowing that they were taking a risk.

When obliged to choose between convenience and security, users pick the former almost every time. So, what can organizations do to change this? In this report we'll take a closer look at how attitudes towards security manifest in real-world behavior, and how threat actors are finding new ways to take advantage of our preference for speed and expedience. We'll also examine the current state of security awareness initiatives, as well as benchmarking the resilience of people and organizations against attack.

The foundation of this report is a survey of 7,500 end users and 1,050 security professionals, conducted across 15 countries. It also includes Proofpoint data derived from our products and threat research, as well as findings from 183 million simulated phishing messages sent by our customers over a 12-month period and more than 24 million emails reported by our customers' end users over the same period.

TABLE OF CONTENTS

Key Findings
Security Behaviors and Attitudes
    End-user behavior and attitudes
Security Awareness Trends
    Current state of security awareness
    Areas for improvement
The Threat Landscape
    Threat prevalence
    Growing threats: TOAD, MFA-Bypass, QR codes and generative AI
    BEC attacks benefit from AI
    Microsoft remains most-abused brand
    Ransomware still a major concern
    Attack consequences
Organizational Benchmarks
    Industry failure rate
Conclusion

KEY FINDINGS

[…] 69% know they are responsible for security, but 58% of users either weren't sure or claimed that they're not responsible at all.

10 million TOAD messages are sent every month.

Microsoft continues to be the most abused brand, with 68 million malicious messages associated with the brand or its products.

[…] of users who took risky actions engaged in behavior that would have made them vulnerable to common social engineering tactics.

Security Behaviors and Attitudes

Even the best technical defenses can be undermined if users don't do the basics, such as avoiding suspicious links, verifying the sender's identity and setting a strong password and keeping it to themselves. However, many users fail to follow these simple rules, putting themselves and their organizations at risk.

End-user behavior and attitudes

According to our survey, 71% of users said they took a risky action and almost all of them - 96% - did so knowingly. Among that group, 73% said they'd taken two or more risky actions. And more than a third of the risks they took were rated by those users as either "extremely risky" or "very risky."

[Chart: share of users who took each risky action. Categories: work device for personal activities; reuse or share password (26%); connect without using VPN at a public place; respond to a message (email or SMS text) from someone I don't know; access inappropriate website (20%); click on links or download attachments from someone I don't know; share or upload sensitive data to unproven third-party cloud; give credentials to untrustworthy source; have never taken a risky action (29%). The remaining values are not legible.]

Users took risky actions for a variety of reasons: convenience, time saving and urgency being the most common answers. But a small cohort of 2.5% took risky actions purely out of curiosity. Either way, the message is clear: people aren't taking risky actions because they lack security awareness. Often, users know what they are doing when they take risks and are quite willing to gamble with organizational security.

[Chart: Why Risky Action is Taken. Legible categories: to save time; to save money; to meet other performance objectives; other.]

Nobody knows this better than the world's cybercriminals. They understand that people can be exploited, either through negligence, obliviousness or - in rare instances - malice. Social engineering is a part of almost every email threat analyzed by our researchers. And 58% of users who took a risky action said they engaged in behavior that would put them at risk of basic social engineering tactics, such as clicking on unknown links, responding to unfamiliar senders and sharing credentials with untrustworthy sources. These actions can lead to ransomware infection, malware, data breach or financial loss. One of the reasons users take these risks i