Phishing attacks, while simple in nature, regularly hit big and small businesses alike.
How can businesses that spend millions on cyber security still fall victim to such obvious attacks?
The stats on the topic might surprise you. 30% of people who were sent a test phishing email actually opened the suspicious email.
Don’t take our word for it? You don’t have to. Verizon recently released its annual Data Breach Investigations Report (or DBIR for short) and listed the figure as one of many startling facts about phishing.
The report is an authoritative voice in the cyber security world, keeping security teams up to speed on the latest and greatest hacker feats over the past year.
Another startling fact found in the report: 13% of participants actually clicked on the embedded link or downloaded the attached file in the test email.
While not a huge jump, this number is still an increase from the stats listed in last year’s report. This means that more people are falling for phishing attacks than before. But why?
The DBIR points to “a failure to communicate” between security staff and victims. As it turns out, a company’s cyber security is only as strong as its employees.
Employees tend to be the Achilles heel for cyber security, so it falls on the shoulders of the security team to enlighten them on the seriousness of being cyber security savvy.
Educate your employee base about the types of phishing emails they may encounter and why they pose such a threat to your company.
Make sure your employees also have the option to report shifty emails. Only 3% of individuals targeted by phishing emails reported the email to the right people.
Verizon recommends you employ some preventative measures to help stop a breach before it starts.
One method that can help mitigate the possibility of a phishing attack is introducing email filtering to your company. By keeping nasty emails from finding their way into your employees’ inboxes, you limit the risk of data loss via email.
Stay far, far away from static passwords. Hackers can exploit password oversights to gain more access to your company’s data, resulting in a bigger punch to your company’s security. Do we really need to say any more?
Be sure to segment your network too. The secretary just doesn’t need access to every trade document your company has ever written.
Keep an eye out for questionable traffic and monitor odd connections within your network. By constantly looking for a threat, you up your chances of catching and stopping a phishing scam in its early stages and hopefully before your company sees any catastrophic effects from the attack.
In the end, one bad email doesn’t mean imminent demise for your company. Taking the proper precautions before an attack can make a world of difference when, not if, your company experiences a phishing attack.