Major cybersecurity vendors publish comprehensive annual reports that analyze evolving threats, attack techniques, and organizational resilience. The 2024 State of the Phish report highlights human vulnerabilities, sophisticated social engineering tactics, and gaps in security awareness efforts. #Proofpoint #PhishingAttacks
Key points
- Annual cybersecurity reports typically consist of structured sections such as an introduction, key findings, threat landscape analysis, security behaviors, organizational benchmarks, and conclusions, providing a holistic overview of current cyber risks and trends.
- Key statistics reveal that 69% of organizations experienced ransomware infections and that over 1 million attacks employing MFA-bypass frameworks like EvilProxy occur monthly, underscoring persistent threats.
- Recurring themes include the human factor’s role in breaches—demonstrated by 71% of users taking risky actions knowingly—and the sophistication of social engineering tactics like BEC, TOAD, and QR code scams.
- Notable findings emphasize a gap between security professionals’ perceptions and actual user behavior, with 85% of pros believing employees are responsible for security while only 41% of employees share this view.
- The threat landscape is evolving with increased use of AI-driven attacks, generative AI for social engineering, and novel attack methods like MFA bypass and malicious QR codes, complicating defense strategies.
- Phishing simulations remain a core organizational benchmark, with global failure rates around 11-17%, although reporting behaviors are improving slightly, indicating growing user awareness.
- Critical sectors such as financial services show significant improvement in failure rates (down 7%), while industries like agriculture and construction face rising risks, highlighting industry-specific challenges.
- Brand abuse remains significant, with Microsoft involved in 68 million malicious messages, demonstrating cybercriminal reliance on trusted brand impersonation for attacks.
- The cyber threat landscape remains highly active, with 73% of organizations reporting BEC attempts and a constant emergence of sophisticated tactics demanding continuous updates in awareness and defense measures.
Source: Awesome Annual Security Reports - The reports in this collection are limited to content which does not require a paid subscription, membership, or service contract. (https://github.com/jacobdjwilson/awesome-annual-security-reports/)