F-Secure: Email Still the Weakest Link

Email continues to be the biggest threat vector for attackers looking to compromise organizations, with phishing attempts and malicious attachments comprising over a third of attacks, according to F-Secure.

The AV vendor analyzed a random sample of past incident response investigations carried out by its consultants in order to better understand how organizations are breached.

It found that the majority of incidents were targeted (55%) rather than opportunistic (45%) attacks, with the former employing a greater range of TTPs than the latter.

Phishing emails (16%) and malicious email attachments (18%) together formed the biggest threat.

The findings chime somewhat with the Verizon Data Breach Investigations Report 2017, which revealed that phishing was present in over 90% of security incidents and breaches analyzed in the report.

However, according to F-Secure, internet exploits (21%) were also popular, especially those targeting unpatched vulnerabilities, while the insider threat (20%) was prominent.

Given the popularity of the email channel, it’s perhaps not surprising that attackers favored social engineering (52%) over external exploits (48%).

The findings would seem to suggest organizations need to get better at educating their employees to spot the tell-tale signs of a phishing email and/or not to open attachments in unsolicited emails or from suspicious sources.

However, F-Secure also claimed that many breaches go undetected, or else IT problems are misdiagnosed as breaches, indicating that current threat detection technologies are failing.

“They call incident responders to investigate something ‘suspicious’ rather than knowing whether they’re experiencing an actual attack,” the report noted.

“Organizations can address these issues by developing better detection capabilities, such as by investing in an endpoint detection and response solution or service. Detecting attacks earlier and with greater accuracy will help them respond faster and more efficiently while reducing false alarms.”
