Analysis Sees Limited End User Ability to Accurately Identify Phishing Attacks
An analysis of telemetry data published by Red Canary, a unit of Zscaler, finds only 16% of the tens of thousands of phishing emails reported by end users in the first half of 2025 proved to be actual threats.
At the same time, however, the report also noted that cybercriminals are employing increasingly sophisticated techniques, including using legitimate services such as Google Translate to create convincing phishing emails that bypass traditional security measures and obfuscate detection.
On other fronts, the report also finds that two tactics used to compromise cloud computing environments, known as Data from Cloud Storage and Disable or Modify Cloud Firewall, have made their way on to the top 10 techniques that the provider of a managed detection and response (MDR) platform most often discovers.
Finally, Red Canary noted it observed an almost 500% increase in detections involving cloud accounts during the first half of 2025.
Brian Donohue, principal security researcher for Red Canary, said that increase stems primarily from an expansion of the coverage it provides to include identifying logins from unusual devices, IP addresses, and virtual private networks (VPNs).
In general, while there are shifts in the tactics being employed by adversaries, most organizations would be better served by focusing on cybersecurity fundamentals. Most adversaries continue to rely on rudimentary techniques that have been proven to work, many of which are used to victimize organizations that for one reason or another were overlooked, such as, for example, misconfiguring a cloud storage bucket, noted Donohue.
It’s not clear to what degree investments in cybersecurity are keeping pace with rising threats that, in addition to increasing in volume, are also becoming more difficult to detect. That latter issue is especially problematic when it’s already apparent that end users, even before the rise of artificial intelligence (AI), are finding it challenging to distinguish between legitimate email and a phishing attack.
A report from The Futurum Group suggests spending on cybersecurity spending will increase at a compound annual growth rate (CAGR) of 11.6% from 2024 to 2029 to reach $287.6 billion in revenue. Specifically, the Futurum Group report notes the network security market, valued at $27.9 billion in 2024, will grow to $43.71 billion by 2029, representing a CAGR of 9.4%, while endpoint security will grow from $22.8 billion in 2024 to $33.64 billion by 2029, for an 8.1% CAGR. However, in the nearer term a survey from IANS Research suggests the pace at which cybersecurity spending might grow this year has been substantially reduced in light of current macroeconomic conditions.
One way or another, however, the cybersecurity tools and platforms used today will need to evolve in the age of AI. After all, adversaries are discovering how to more effectively use tools so defenders will need to follow suit as attacks and responses occur faster than humans can effectively manage on their own. The upside is that defenders will generally benefit a lot more from AI than attackers, said Donohue.
In the meantime, the challenge as always comes down to finding ways to fund the next generation of cybersecurity tools and platforms that are already rapidly becoming essential for any organization that expects to not just achieve a meaningful level of cyber resilience, but also simply survive.
