As most of the cybersecurity industry is setting up their out-of-office notification and packing for the RSA conference, others are combing through the 2024 edition of Verizon’s Data Breach Investigation Report (DBIR). While the report sheds light on various attack types, one thing is clear: phishing remains a massive threat across all industries.   

This post highlights the importance of building an email security strategy around rapid phishing detection and remediation with robust training and testing.  

Technology Meets Human Vigilance for Email Security 

Phished in 60 Seconds  

When it comes to phishing detection and remediation, every second counts. The 2022 Osterman Research report “The Business Cost of Phishing” revealed that companies spend an average of 27.6 minutes dealing with each phishing email.  

Unfortunately, according to the 2024 Verizon DBIR report, it takes less than 60 seconds to become a victim of a phishing attack. The report notes that the median time it takes for an individual to click on a phishing link after opening an email is just 21 seconds. After that, Verizon revealed that entering data into a phishing scheme typically takes only 28 additional seconds.   

The difference between the time it takes to detect and remediate a single phishing threat manually and the time it takes for a person to become a phishing victim highlights the importance of combining Adaptive AI for automated detection and remediation and training and testing employees to identify real-world phishing threats.  

Technology Alone Isn’t Enough  

Phishing remains a top threat vector and concern for IT and security professionals. One factor contributing to phishing success is human error, which is responsible for 68% of breaches, according to Verizon’s 2024 data.

While many view humans as a point of weakness, the reality is that relying on a technology-only email security strategy isn’t enough, as emerging phishing attacks bypass detection.   

According to the 2024 Osterman Research Report, Fortifying Against Image-based and QR Code Attacks, “94% of organizations indicate that emerging phishing attacks, like those involving QR codes and image-based techniques, successfully bypass their email security defenses.”  

Impact of Employee Training  

The 2024 DBIR report notes that “security awareness exercise data contributed by our partners during 2023, 20% of users reported phishing in simulation engagements, and 11% of the users who clicked the email also reported. (Verizon, 2024). The click rate in this study shows the importance of regular training and testing to mobilize employees as phishing threat hunters.  

The Osterman report, Defending the Enterprise: The Latest Trends and Tactics in BEC Attacks, reveals that “More than two out of three respondents say that multiple education approaches are highly important for educating employees to detect BEC attacks, with phishing simulation tests rated the most important.