One minute and 22 seconds.
It’s not a lot of time, but it’s all it takes for a phishing email that lands in the inbox of one of your employees to be opened.
Within an hour, nearly 50% of people who receive a phishing email will open it and click on the links.
This startling statistic is courtesy of the Verizon Breach Investigations Report, which analyzed nearly 80,000 security incidents and over 2,000 data breaches that took place in 2014. With such a large sample of data at hand, the researchers were able to paint a picture of the security of company networks across the globe.
Attackers stealing company data within minutes of network entry
In nearly a quarter of the cases analyzed, cyber criminals began siphoning data within minutes of gaining entry, giving defenders little time to detect the data theft and respond. The good news is that 37% of breaches were contained within hours of the attack. The bad news is that the number of companies that discover an attack in a timely manner is simply too low – it’s not uncommon for a company to discover a breach months or years after an attacker has entered its network, when data has long since been stolen.
Most commonly breached industries and departments are no surprise
Some of the data in the report confirmed assumptions about the types of companies and people that attackers are targeting. The top three industries impacted by security incidents and breaches are Public, Information and Financial Services. What’s more, people working in Communications, Legal and Customer Service departments were most likely to open a phishing email, but this shouldn’t come as much of a surprise: email communication is a central component of jobs in these departments, and not opening an email could negatively impact the performance of the individual or department.
How do you keep people from opening up these harmful emails?
While technology is an essential part of network security, you are putting yourself at risk if you don’t make efforts to train your employees on how to keep your network secure.
Lance Spitzner, Training Director for the SANS Securing The Human program, notes in the report that “one of the most effective ways you can minimize the phishing threat is through effective awareness and training. Not only can you reduce the number of people that fall victim to (potentially) less than 5%, you create a network of human sensors that are more effective at detecting phishing attacks than almost any technology.”
With phishing emails becoming increasingly sophisticated, training your employees on how to spot and avoid these dangerous emails is crucial for the security of your network.