GigaOm Radar for Anti-Phishingv3.0

1. Summary

Phishing remains the leading method used by cybercriminals to attempt to breach and infiltrate organizations with malware, credential harvesters, and ransomware. Successful phishing attacks lead to loss of data, services, and money—or worse, all three. As such, prudent, risk-aware IT security leaders must make it a high priority to combat phishing attempts.

Today, organizations use a number of tools for chat, messaging, productivity, collaboration, conferencing, and social media—all of which are channels that cybercriminals use as potential paths for a phishing attack. Often, attackers use a mix of these channels in a single attack. An attack chain may start with an email that leads to an instant message that leads to a phone call, all aimed at a single user.

In addition, attackers are leveraging AI to study a target’s online habits to more accurately craft a phishing attempt likely to catch the casual observer off guard. It is also used to augment information that has been previously stolen to create synthetic identities, which can then be used in further attacks or other cybercrimes.

There has also been an increase in the targeting of trusted brands, impersonating them to try to catch users unaware. For example, LinkedIn was the most popular platform used in phishing attacks in 2022, followed by Facebook, Google, and Microsoft.

There are a number of factors to consider when looking at solutions. First, an organization should understand its potential attack surface. While an attack may arrive via numerous channels, email remains the most prevalent. A suite of solutions from one vendor may provide a more complete picture of an attack, but it can also be less cost effective, locking an organization into a single vendor.

Organizations should also consider the degree of automation they want in a solution and how proactive a solution should be. Should all actions be automated, or does the organization want to retain control? Should solutions act on indicators of potential attack or deal only with known attacks? Should solutions take steps to better educate and arm users to identify threats?

This is our third year evaluating the anti-phishing space in the context of our Key Criteria and Radar reports. All solutions included in this Radar report meet the following table stakes—capabilities widely adopted and well implemented in the sector:

• Spam blocking
• Standards support
• Threat scoring
• User training
• Administration capabilities

This GigaOm Radar report highlights key anti-phishing vendors and equips IT decision-makers with the information needed to select the best fit for their business and use case requirements. In the corresponding GigaOm report “Key Criteria for Evaluating Anti-Phishing Solutions,” we describe in more detail the key features and metrics that are used to evaluate vendors in this market.