Why Should Your Business Take Phishing Seriously?
A recent Proofpoint report revealed that 75% of organisations have been hit by e-mail fraud attacks in the last two years. More than 2 in 5 (41%) were targeted multiple times. It is clear that phishing is a huge risk to businesses in the current climate and has been for at least two years now. Why then are many companies refusing to take action to protect their business and educate themselves and their employees on the dangers of phishing? Here are two major issues that are making your business vulnerable to phishing attacks and how you can resolve them.
1) The human factor:
ComputerWeekly wrote an article about the dangers of social engineering and revealed that across 10 penetration tests, more than 3,300 messages were sent, and 17% of them succeeded in tricking recipients into taking actions that would have been detrimental to the company. We wrote a blog post about staff awareness and its importance with more information about how fundamental training is in preventing the success of phishing attacks.
Significantly, ComputerWeekly stated that 88% of targeted employees worked outside of IT, so they would not be expected to have any prior knowledge or training about e-mail security. Proofpoint found that likely targets are as detailed in the picture on the right. This demonstrates the importance of some form of e-mail fraud defence, ideally training. If these employees were just as clued up as the IT team on the warning signs of a phishing e-mail, they would not be such easy targets for cybercriminals. This research shows that awareness among these employees is just as important as, if not more important than, awareness amongst your dedicated IT team.
What can you do?
The best option is to put a staff training programme in place. Employers clearly understand this, as 57% have now employed a user awareness program to make sure the prime targets in their company can work alongside them to keep the business secure.
Xenace has created an interactive training platform that raises awareness and educates about the risks of phishing attacks. The product is called Phishwise and you can find out all about it on the website. If you just want to test out how effective this service could be for your business, we offer a pay-as-you-go option, which is perfect for testing the waters. This option will provide you with a one-time phishing campaign, which includes a penetration test to see how susceptible your business is to attack: a fake phishing e-mail is sent out and data is gathered about how many users acted on the e-mail in a way that would have compromised the business. From this data, you can select one of our plans to start educating your staff to have a higher awareness of phishing e-mails.
If you are interested in finding out more, get in touch with us via the Phishwise website.
2) Advanced technology:
As phishing attacks are getting more and more intelligent, is your business technology able to keep up? Proofpoint found that 46% of businesses across the UK, US, Germany, France and Australia have deployed e-mail authentication protocols and 37% are planning to do so this year. This is good, but it should be something that every business has in place as its first line of defence against phishing attacks.
According to a report conducted by Positive Technologies, the most effective way to lure users is to send an email with a phishing link, which fooled 27% of recipients. 15% of employees responded to emails containing an attachment and link to a web page, and 7% to test emails with an attachment. If you employ an effective e-mail security service that filters out e-mails containing such links or attachments, then you catch the e-mail before it even reaches a user's inbox. These links and attachments may not be immediately dangerous to a user, so employing an intelligent security system that can detect even the most elaborate of disguises will act as a fantastic foundation layer in securing your business against attack.
What can you do?
A good starting point is to evaluate what security systems and policies you currently have in place. Do you have multi-layered spam filtering technology that can identify spam for your specific domain, utilises frequency-based detection (fingerprinting) and smart rules (heuristics), and blocks known spammers using a proprietary list? Well, we do! Our cloud-based e-mail security supplies the most inclusive virus and spam filtering protection available, and as it is cloud based it can be set up in a matter of minutes with no software or hardware to install. As well as e-mail security, general security updates and firmware are patched through whenever they are required to ensure your business is protected well, keeping the data of your clients safe and secure.
If you are on the fence about whether outsourced IT is for your business, see our blog post that explains why it is a valuable asset for any business. In short, managed IT support is a brilliant way to ensure your business is not only running smoothly but also always secure. You will have a dedicated team that will monitor your IT systems 24/7, 365 days a year, which could save you up to 80% of the price of an in-house team whose members work 9-5 for 5 days a week and require 28 days holiday each. This recent rise in cyber-attacks could be the perfect time to consider other options and try something new for your business' cybersecurity.
If you want to discuss anything mentioned in this post, then get in touch. We are always around for an informal chat to evaluate your business’ needs and to show you how we can help make a difference to the protection of your business.