Nearly one in three phishing sites use HTTPS. Malicious actors are increasingly using HTTPS to create a sense of legitimacy because they know users worldwide have been trained to look at the padlock icon and HTTPS in the address bar as symbols of security. Obtaining a security certificate like TLS/SSL has become incredibly easy, and, by doing so, cybercriminals can easily take advantage of users’ trust.

One in four malicious URLs are hosted on trusted domains. Cybercriminals are also hijacking pages on legitimate sites to host malicious content because it’s more difficult for security measures to block URLs on these domains and it won’t stir suspicion among end users.

95% of the malware is unique to a single PC. Nearly all of today’s threats are polymorphic, meaning that malware constantly changes its identifiable features to evade detection.

Malware targeting Windows 7 systems has risen 71%. Malicious actors are particularly targeting older operating systems in the hopes of exploiting unpatched vulnerabilities.

One in 50 URLs are malicious. This might seem insignificant at first, but if you consider the number of links people click, or websites they visit each day, you will begin to perceive the risk. Nearly a third of office workers click more than 25 work-related links per day, according to a Webroot report.

Don’t overlook threat intelligence. Invest in preemptive measures like signing up for actively updated threat intelligence to help predict future attacks, raise awareness of new attack types and even flag emails from high-risk areas.

Advanced endpoint protection. Installing and keeping antivirus software up to date and backing up critical business data are still part of basic cyber hygiene. But today’s sophisticated threats call for employing cloud-driven endpoint protection that harnesses the power of machine learning to detect and protect against evolving threats.

Deploying DNS protection. As DNS attacks gain momentum–with businesses reporting a 57% increase in downtime due to such attacks–DNS-level protection has become a business imperative. DNS security solutions provide content filtering at the DNS layer and full network visibility, as well as automatically block dangerous connection requests from phishing and malware sites.

Provide security awareness training. Providing end user education is key to IT security. Simulated phishing campaigns can not only help you gauge end user phishing awareness, but also help raise their cyber awareness. Keep in mind that continuous learning is key to success when it comes to such trainings.