this post was submitted on 24 Dec 2023
22 points (80.6% liked)
cybersecurity
3262 readers
8 users here now
An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!
Community Rules
- Be kind
- Limit promotional activities
- Non-cybersecurity posts should be redirected to other communities within infosec.pub.
Enjoy!
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Would you mind pointing me at research that demonstrates that email links are the number one threat vector right now?
I can say from personal experience that that is the case, but I don't have any empirical evidence.
As someone who leads a major MDR and IR service, phishing was the root cause of about 7.5% of incidents last year. Exploits are #1 around 47% of incidents, followed by compromised credentials around 30% of incidents.
This only represents SME and Enterprise. Phishing likely could be #1 for individuals.
A quick Google search gives tons.
These are some of the sources that I found that support the claim that phishing is one of the top cyber security threats and vectors for 2023. I hope you find them useful and informative. 😊
Source: Conversation with Bing, 12/24/2023 (1) Introducing Cloudflare's 2023 phishing threats report. https://blog.cloudflare.com/2023-phishing-report/. (2) Introducing Cloudflare's 2023 phishing threats report. https://blog.cloudflare.com/2023-phishing-report/. (3) CISA, NSA, FBI, and MS-ISAC Release Phishing Prevention Guidance. https://www.cisa.gov/news-events/alerts/2023/10/18/cisa-nsa-fbi-and-ms-isac-release-phishing-prevention-guidance. (4) CISA, NSA, FBI, and MS-ISAC Release Phishing Prevention Guidance. https://www.cisa.gov/news-events/alerts/2023/10/18/cisa-nsa-fbi-and-ms-isac-release-phishing-prevention-guidance. (5) The State of Phishing 2023 | SlashNext. https://slashnext.com/state-of-phishing-2023/. (6) The State of Phishing 2023 | SlashNext. https://slashnext.com/state-of-phishing-2023/. (7) 2023 'State of the Phish' - Findings Sneak Peek | Proofpoint US. https://www.proofpoint.com/us/blog/security-awareness-training/2023-state-of-the-phish-findings-sneak-peek. (8) 2023 'State of the Phish' - Findings Sneak Peek | Proofpoint US. https://www.proofpoint.com/us/blog/security-awareness-training/2023-state-of-the-phish-findings-sneak-peek. (9) The Biggest Security Threat of 2023? It's Phishing - MUO. https://www.makeuseof.com/biggest-security-threat-2023-phishing/. (10) The Biggest Security Threat of 2023? It's Phishing - MUO. https://www.makeuseof.com/biggest-security-threat-2023-phishing/.
How do these demonstrate that email is the main attack vector?
Did you need it to say: I felt like the number one? I was basing my assessment on all the recent breach notices I've heard.
Maybe you can qualify the threats statistically, or from Gartner surveys.
Right now, we're all left with people having to deal with being one click away from workstation compromise, PrivEsc, exfil. Boo.
These seem to focus on phishing. There are other threats. Phishing happens via channels other than email.
You may be right in your assessment, but this evidence doesn’t support your claim.
Why does it have to be number one?
OP originally said number one and edited their post.