What are phishing attacks? Phishing attacks are a social engineering method to either fraudulently obtain your information or to trick you into downloading malware. The goal of the phisher is to compromise your network or data. Phishing attacks work because they disguise their communication or web pages as being from a trusted source, making you believe the request is real and prompting you to take an action like clicking on a bad link or giving up information.
As a social engineering scheme, phishing works very well. People tend to trust messages they believe come from legitimate sources. Does that mean businesses are losing the war against phishing? A few studies would seem to suggest so. A recent Cloudian survey found that 65% of victims who reported phishing as the entry point for ransomware had conducted anti-phishing training for employees. Meanwhile, an Ivanti study shows that 74% of companies have fallen prey to phishing in the past year, and 40% became victims in the last month alone.
The Ivanti study also points to an increase in the volume and sophistication of phishing attacks since the start of the COVID-19 pandemic. They found that “80% of respondents said the volume of phishing attempts increased, and 85% said the attempts are becoming more sophisticated, making them increasingly harder to detect.” Part of the reason for the increase is the move to remote work: “smishing (text-message phishing) and vishing (voice call phishing) have increased in the past year as more people are using mobile devices for remote work.”
If you are wondering why you should worry about phishing attacks, remember that the goal of the phisher is to get to your network or data. Ransomware and Business Email Compromise (BEC) often use phishing as their entry points. The Cloudian study found that 25% of all survey respondents said their ransomware attacks started through phishing, but that number grew to 41% for businesses with fewer than 500 people. Cloudian also found that the average cost to an organization was $500,000.
While these studies make it seem like fighting phishing is a losing battle, there are steps your organization could take to help lessen the impact and severity of attacks.
- Ongoing employee cyber awareness training is still important. All employees, from the CEO to the receptionist, must be trained to have the best chance of success.
- Use endpoint management software that includes on-device threat detection and phishing detection.
- Make use of the best technology you can afford, be it artificial intelligence, machine learning and/or automation, to identify and remediate threats.
- Where possible, either eliminate passwords in favour of biometrics or enable multifactor authentication to eliminate the threat from easily guessed or stolen passwords.
Fighting phishing doesn’t have to be a losing battle. Having a partner in your corner like QuickProtect can help you win the battle of keeping your network and data secure. Learn more about how our services can help you protect your business from phishing threats.