The first-ever research report highlights industry-specific voice phishing risks and protective strategies.
Voice phishing, or vishing, poses a significant social engineering threat to organizations of all sizes. On average, vishing attacks cost organizations $14 million annually. As part of the 2024 Vishing Response Report, Keepnet, a Unified Social Engineering Platform, found that 70% of businesses are susceptible to voice phishing and sharing sensitive information during simulated attacks. The report identifies specific vulnerabilities in industries and departments, showcasing the different levels of risk and preparedness against vishing threats.
The use of AI to orchestrate these attacks has led to an increase in both their frequency and sophistication.
Additionally, legal and compliance challenges often block the implementation of vishing simulation tests, complicating efforts to combat this attack.
The Vishing Response Report is the first of its kind to demonstrate the feasibility of complying with FCC, GDPR, CCPA, and similar legal requirements while conducting voice phishing (vishing) tests. The Vishing Response Report analyzed data from over 3,000 calls made from Keepnet’s Vishing Simulation platform and found that:
- Manufacturing & Engineering and Entertainment & Media industries were the two most vulnerable due to factors including less focused cybersecurity training and resources.
- Customer Support was the most vulnerable department across all industries due to their roles that involve a lot of communication with outside parties. This made them more vulnerable to vishing attacks.
- The study found that 6.5% of users were deceived by vishing calls, suggesting a need for improved security training. Additionally, 40.3% did not answer these calls, which could either reflect a cautious avoidance of fraud or a troubling unavailability, potentially leaving the organization vulnerable to unnoticed criminal exploits.
- Companies with the lowest vishing rate typically use sophisticated simulation software.
Oliver Rochford, Independent Industry Analyst, commented: “It is encouraging to discover that over half of the participants in the study recognized and resisted vishing attempts.” demonstrating the effectiveness of anti-vishing training. But with 6.5% of employees still vulnerable to such scams, it is obvious that our work is never truly complete. Even a single lapse can be the catalyst for a significant breach, so ongoing vigilance is essential, especially given the impending rise in sophisticated vishing attacks powered by AI video tools.
Vishing Research Report provides a strategic blueprint for CISOs, enabling them to tailor strategies that effectively reduce human risk from voice phishing attacks while providing actionable insights. In addition, we provide a compliance roadmap for risk and compliance teams to guide them in conducting legal and secure vishing simulations. The report also helps executive and leadership teams facilitate communication, secure their support for budgeting, legal, and HR planning, streamline the implementation process, and build a robust cybersecurity culture.
“As vishing continues to pose a risk amplified by AI technology, dramatically affecting organizations of all sizes. Keepnet’s Research Report has revealed ongoing, applicable, and immediate solutions for security and risk managers to minimize vishing risks, reduce potential breaches, and save on organizational costs.”- Ozan Ucar, CEO, Keepnet.
Download our 2024 Vishing Response Report: https://keepnetlabs.com/reports/2024-voice-phishing-response-report
Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!