In the realm of cybersecurity, do you think you are covered? 74% of hackers say they are rarely impressed by an organization’s security measures. So why aren’t they impressed? Are your firewalls not tall enough, is your system not up to date, is your IT defense force not up to snuff? No, it’s because 93% of security breaches involved phishing attacks in 2018.
Why worry about phishing, when everyone can see the red flags? Most businesses even train employees annually on spotting suspicious emails. Take into account that 384 billion emails are sent every day, of which 85% are spam. In 2018 alone, 83% of people received phishing emails, with 64% of businesses experiencing phishing attacks.
Attacks Keep Coming
Employees are becoming overwhelmed by the barrage of attacks. 72% of employees report that protecting themselves from email attacks has become more difficult since 2016. Just two years ago, 4 out of 5 people experienced a phishing attack. And the frequency of attacks is increasing, more than doubling from 2013 to 2018.
What’s worse is that many employees are left in the dark. Despite annual training, 35% of employees don’t know what phishing means. 1 in 10 has clicked a link in a phishing email, and it only takes one to do damage. Businesses lose nearly $2 million per incident through decreased productivity, data loss, and reputation damage. 1 out of 3 customers will stop using a business after a security breach.
Almost all infosec professionals recommend training employees to identify phishing attacks. Annual training is not enough, however, as many employees forward suspicious emails to IT, with only 15% of those emails being malicious. Continuous training can help employees feel confident in dealing with what may be an everyday threat to security. Further, it is effective: over half of information security professionals believe training has reduced phishing susceptibility.
Even the boss needs to be familiar with what a phishing scam looks like, and why it works. Almost half of hackers prefer to exploit human nature rather than technology. We can see that it’s much easier to launch a cyber attack with phishing.
Here’s what NOT to fall for:
- A violation notification, e.g. a toll, taxes, etc. — This creates a sense of urgency
- Invoice for a required payment, e.g. electric bill, subscription, etc. — Mimics realistic personalized messages
- Updated or changed plans, e.g. building evacuation, meeting code, etc. — Preys upon fear with need-to-know information
With so many potential threats, a robust security network, built of both programs and educated people, is what will keep the phish out.