Advanced authentication to catch phishers Over the past year, phishing has emerged as a significant risk to businesses of all sizes and across industries. The technique represents a re-emergence of traditional social engineering tactics, although phishing is more highly focused and effective. Cybercriminals have become adept at using phishing schemes to obtain user credentials and then gain access to information systems and data. This year, in fact, 38% of survey respondents reported phishing scams, making it the top vector of cybersecurity incidents. The surge in phishing incidents suggests that cybercriminals are relying less on sophisticated malware to conduct attacks and instead are “living off the land” by exploiting existing administrator tools and functions. To combat theft of user credentials, many businesses are adopting advanced authentication to replace all-but-useless passwords. This type of prevention has become a critical business requirement as exponentially more consumer and corporate information is generated and shared, and consumers expect that their personal data will be secured. Today, the most widely used advanced-authentication technologies are hardware and software tokens, followed by biometrics such as fingerprint and iris scanners. In the coming year however, survey respondents say their No. 1 spending priority for authentication is smartphone tokens. This year, 28% of survey respondents reported security compromises of mobile devices, and securing smartphones and tablets is clearly top of mind. 9 Key findings from The Global State of Information Security® Survey 2017 © 2016 PwC