Skip to content

State of the Phish Address 2019

The State of the Phish Address for 2019 analyzes data from tens of millions of simulated phishing attacks in addition to the results of two surveys given to info-sec professionals and end-users all over the world.  This report uniquely delivers direct feedback from information security professionals on the current threat landscape and the challenges lying in wait there and provides data-driven intelligence for CISOs and CSOs for managing end-user risk.

Here are some highlights from the annual report.

The Extent of End-user Risk

The Human Factor 2018 Proofpoint reports that cyber attackers are becoming more focused on people, not defenses, focusing on our natural curiosity, desire to be helpful, love of bargains, and time constraints.  Email is the top attack vector, followed by suspiciously-registered domains, fake browser plugin updates, and the lure of pirated content through social media-based attacks.  Additionally, end-users are found not to be familiar with info-security terms and many are relying entirely on IT teams to automatically discover and fix accidental downloads of malware.

A lack of clarity in understanding the role of IT in this context could be instilling a false sense of security in end-users and unnecessarily draining info-sec resources.  In regard to the younger generations of digital natives, familiarity unfortunately does not necessarily lead to a clear understanding of cyber security or reduced risk.  In fact, Baby boomers and Gen X respondents exhibited much stronger recognition of phishing and ransomware.

Info-sec Experiences

Info-sec professionals report a more active social engineering landscape in 2018. They also reported that all types of attacks happened more frequently than in 2017.  83% of survey respondents indicated experiencing phishing attacks. 49% experienced vishing and/or smishing (voice or SMS/text phishing) attacks. 4% faced USB-based social engineering attacks. 64% experienced spear phishing. These numbers respectively represent 7%, 4%, 1%, and 11% increases from 2017.

Security Awareness Outcomes and Opportunities Following Phish Address

So what should be done to mitigate these increasing risks?  A greater focus is recommended for credential compromise as this vector of attack quadrupled between Q2 and Q3 of 2018.  A steady 9% average failure rate of simulated phishing attacks indicates the value of knowledge. Additionally, end-users continue to apply learned skills and remain alert to different phishing traps.

It is also recommended to thoroughly challenge and educate end users over time with phishing simulations. These include commercial- and cloud-themed campaigns. Such as shipping confirmations and messages about downloading documents from cloud storage services.

Looking for managed IT services to help your small or medium business combat cyber security threats?

Contact us for a free risk assessment.

a close up of a radio with the time displayed

Why You Need a UPS in Your Network Equipment

Apart from securing your computer network against breaches, it is advisable to ensure that the network hardware is plugged into a UPS (uninterruptible power supply) system.

the word rules spelled with scrabble tiles

What Are The Three Rules of HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) lays out three rules for protecting patient health information, namely: The Privacy

wheel house it logo

Let's Start a Conversation

Fill out the form below and a member of our team will contact you within 10 minutes. (Mon-Fri 8am-6pm EST)

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Let's Start a Conversation

Rory from wheel house IT

Call (954) 474-2204, option 2 to speak with a representative.

Send us an email at

Or contact us by form below:

"*" indicates required fields

This field is for validation purposes and should be left unchanged.