New data focused on cyberattacks in the second half of the year-to-date shows phishing taking the overwhelming lead as the initial attack vector of choice.

We’ve long known that phishing attacks are a primary initial attack vector in cyberattacks – it’s been relatively constant in all the Coveware Quarterly Ransomware reports, and there’s that “90-something percent of all cyberattacks begin with an email” stat that keeps floating around the industry that no one seems to have the desire to discredit.

But new data from Acronis’ End-of-Year Cyberthreats Report shows phishing isn’t just the leader; it’s making great strides to dwarf any other initial attack vector.

According to the report, phishing is used in 76% of all email-based initial attacks, with delivery of malware via email at 18%, an “advanced attack” and BEC at 3%. Phishing jumped up 31% over its position in the first half of the year (which was at 58% of all email-based attacks). The interesting perspective in this report is that the massive growth in phishing doesn’t include December of this year – meaning that the growth will be ever larger!

As phishing will continue to be a growing problem, the use of ever-improving social engineering skills on the part of threat actors means your employees are going to need to be proficient in spotting suspicious emails before engaging with them. This level of vigilance is taught using Security Awareness Training, helping to elevate an organization’s security stance and lowering its risk of successful attack.