When it comes to spear-phishing, the force a threat actor takes to impact its victim can produce equal (if not greater) damage, and one way of doing so is using the three T’s of success—target, timing, and tenacity. For cybercriminals, these T’s are easy tactics to infect organizations in a growing remote workforce.
According to Help Net Security, spear-phishing is a low-volume attack but is becoming a widespread and highly successful result. More than “50% of organizations were spear-phishing victims in 2022, and it takes nearly 100 hours to identify, respond to, and remediate post-delivery email threats,” according to the article.
That 100 hours is crucial. The SOC is already overworked. Adding 100 hours to their already packed schedule is non-tenable and could lead to even more cyber risks.
With specific targets in mind, prime timing in remote work, and tenacious threat actors, it’s no surprise that 12 or more suspicious emails are delivered daily to inboxes.
Fortunately, the solution is simple—investing in account takeover protection solutions with AI capabilities. Avanan is a leader in email security and collaboration because of its successful cloud-based, C-Suite protection.
Using API technology, Avanan models its system for pre-filtering, phishing, BEC, attack classification, anomaly detection, compromised accounts, and inbound, outbound, and internal emails. It is a solution that successfully prevents spear-phishing (and more) while eliminating wasted hours of remediation and detection.
So yes, perhaps spear-phishing is low in volume. However, targeting, timing, and tenacity in utilizing social engineering tactics can lead to all it takes--just one successful attack.