Research Insights: Proofpoint’s 2022 State of the Phish Report

Proofpoint’s 2022 State of the Phish Report Reveals Email-Based Attacks Dominated the Threat Landscape in 2021; Tailored Security Awareness Training Remains Critical for Protecting Hybrid Work Environments.

83% of survey respondents said their organization experienced at least one successful email-based #phishing attack in 2021, a 46% increase over 2020;

78% of organizations saw an email-based ransomware attack in 2021

Almost 60% of those infected with ransomware paid a ransom.

More than 80% of workers in the U.S. use one or more of their own devices for work

55% of U.S. workers surveyed admitted to taking a risky action in 2021.

Research Insights:

Damon Ebanks, VP Marketing, Veridium:

   “The fact that 78% of the organizations were victims of email-based ransomware attacks isn’t surprising when you consider the fact that most employees post 2020 have shifted to remote work. Previously, cybersecurity was a mandatory presentation or a course that employees had to attend in-person but ever since the pandemic, employers and employees have become lax when it comes to cyber security. If you take a look at today’s organization’s cyber security measures, you’ll notice that they still rely on age-old security measures – namely password/username combinations. Moreover, the Proofpoint report states only 60% of the employees who are working from home have a password protected network which makes the other half a fish in a barrel waiting to be shot. Plus, when you include the fact of insufficient training by the employers, coupled with an uninitiated employee workforce, it’s basically a wonderland for attackers. Some of the things that employers can do to counter this threat is to enable a two-factor authentication system for their network. This gives the organization an added layer of security which acts as a deterrent against phishing attacks even if they do get the username/password credentials. Moreover, one of the key lessons that organizations can learn is to not pay ransom – this only prompts attackers to feed off of you even more.”