Identity And Access Management
December 03, 2021
Phishing remains an increasingly difficult issue for businesses to deal with and SMBs fall victim to data breaches every day of the year. Having an understanding of these phishing stats will go a long way to recognizing the threat that social engineering attacks pose to modern organizations.
In this blog, we’ll be talking about the dangers of phishing and what businesses should do to ensure they keep their sensitive data out of the hands of malicious actors.
Phishing has been a prominent concern for businesses for several years, but in recent years it has taken on an even more significant role in terms of the increase in vulnerabilities that exist within networks today.
What are these vulnerabilities?
For the most part it actually concerns employees themselves.
As the infographic notes, 85% of data breaches are caused by human error—most often involving someone, like an employee, clicking on something they should not have.
Human error is a key factor in surging levels of phishing cybercrime that we see today and is something organizations should be willing to tackle through awareness training and tech solutions that lower the opportunity for cyberattacks to breach a network.
Phishing is one of the simplest and most effective methods cybercriminals use to obtain sensitive information.
They will pose as a figure of authority and send an email to the victim requesting them to provide valuable information, like credit card numbers, social security, or identification.
Though these schemes may seem quite comical in their approach, they are anything but, and hackers have perfected the art of hoodwinking unsuspecting victims into handing over their data and information.
Cybercriminals operate on the basis of pursuing the path of least resistance.
In other words, they understand the law of averages when it comes to cyberattacks, and they recognize that they only need to succeed once in order to get what they need from one of the millions of spam emails they have sent.
This is why human error is such a crucial factor when it comes to stopping these phishing attacks—at the end of the day it is the unfortunate reality that organizations must fend for themselves in order to prevent data breaches.
There are several ways businesses can bolster their cybersecurity profile to improve their chances of keeping their data safe.
At DOT Security, we recommend that companies take a layered approach to their security.
This means that the strategy for cybersecurity should comprise an array of solutions that cover every eventuality.
Included in this will be solutions like perimeter security, endpoint security, backup and disaster recovery (BDR), information security, and security awareness training.
As far as phishing is concerned, of primary importance will be information security and awareness training.
Security awareness programs are common in workplaces today and consist of training for employees so that they can learn to spot danger before it becomes a big issue.
These programs are updated regularly and, through practice emails and other techniques, teach users what to look out for in incoming emails and what to do as far as escalation to IT is concerned.
According to the results of Terranova’s 2020 Gone Phishing Tournament, almost 20% of all employees are likely to click on phishing email links and, of those, a staggering 67.5% go on to enter their credentials on a phishing website.
Security awareness is a vital and yet often neglected aspect of security, with organizations frequently overlooking it as something they should invest in.
Just 11% of respondents in a survey by Hiscox in their annual report said that their companies had increased spending on security awareness training after a cyberattack. For those that have yet to do so, they should strongly consider adopting a security awareness strategy for their staff.
Information security concerns how organizations protect their data and the protocols they have in place that prevent data leakage.
While human error is frequently cited as the root cause of the majority of cybersecurity incidents and breaches, information security undoubtedly plays a significant role in sensitive data being stolen.
This is because aspects of information security, like access controls, which determine and set out policies regarding who has access to what information, are fundamental to a secure business network.
In many instances, employees who do not necessarily need access to data are granted it by default through standard administrative settings.
As a result, the “attack surface” (probability of being breached and number of vulnerabilities) is significantly higher than it should be, as hackers need only to gain access to one member of staff’s login details to access an entire network.
Users on a network should only have access to data that is needed to perform their jobs, otherwise it serves no purpose other no to increase the risk of being attacked.
Getting a quality information security program in place as part of a wider cybersecurity plan is essential.
Phishing attacks are as dangerous today as they have ever been for organizations.
The phishing stats in this infographic demonstrate how risky it is for a modern business to not have a strategy in place for dealing with these types of attacks, and those who are unsure of where they stand should strongly consider having a risk audit conducted to understand exactly where their weaknesses lie and how to address them.
For more information, fill out a form and talk about your cybersecurity with one of our expert cyber professionals.