Phishing Scams – what should businesses be aware of?
It’s no secret that phishing scams have been a cybercriminals favoured and most frequently used form of attack since the outbreak of the COVID-19 pandemic.
Phishing threats have risen by 600%, and Google have reported more than 240 million coronavirus-related spam emails circulating Gmail alone every day.
Yet with 61% of IT decision makers believing that it’s likely or inevitable that their business will suffer a negative impact from an email-borne attack, what actions are organisations taking to reduce their risk?
Startlingly, less than half (46%) of businesses have a cyber resilience strategy in place. On average, 94% of organisations experience phishing attacks.
The intent of phishing attacks primarily focus on bypassing outer security walls by targeting employees internally, in order to gain access to privileged information, financial details, customer data or company IP.
Oftentimes, a cybercriminal will maraud under the guise of one of the C-level executives in the organisation, or as a partner or affiliate company. Some attacks will install ransomware into the network that ultimately results in downtime, in turn costing the business.
In the case of an attack where company customer data falls prey, outcomes can be catastrophic, as any information lost cannot be regained; the damage cannot be repaired. Companies then have a legal responsibility to inform all customers of that breach, affecting credibility and face, and making them liable to fines and payouts.
A recent test organised by Mimecast sent a fake phishing email to 6500 employees at a software company. Their results showed that only 88% of employees did not open or engage with the email. The other 12% did, with 7% of employees opening it in under a second of receiving. It may not seem like much when you look at the percentages, but that’s still 780 breaches into the organisation’s network.
As it stands one of the most at risk industries is the financial sector, with 2/3 (68%) of businesses targeted frequently by impersonation attacks. The manufacturing and professional services sectors follow in close suit, with 66% of their organisations respectively focused on.
At Serbus, we were approached by one of our clients in the FinTech space with repeated phishing attempts as one of their key concerns. To find out more about we helped them improve their threat resilience, you can read our case study here.
Now, more than ever, it is important for businesses to assemble their cyber security strategies to safeguard their data and IP.
To speak with us about your requirements and how Serbus can assist in reducing your organisation’s threat exposure, drop us an email to firstname.lastname@example.org or give us a call on +44 (0)1432 870 879.
*Sources from Mimecast’s ‘The State of Email Security Report’