How phishing attacks succeed – and how to keep your vital business data safe
By SoleCreation | July 17, 2020 | Company News, | 1
For many years now, email has consistently provided one of the easiest ways that cyber criminals can execute phishing attacks.
Irrespective of how you slice the numbers, the threat of organizational security and data breach through email phishing attacks is real, and growing. The reason attacks continue to grow is because they continue to be successful. In fact, in recent years, 30% of phishing messages were opened by users, and that number seems to be increasing as the messages continue to look more and more genuine. But perhaps the most telling statistic is that an eye-opening 94% of malware is delivered by email – these attacks are real and active.
And although it is such a commonplace and well-documented occurrence, there seems to be a complacency among SMB owners that it won’t happen to their business, or that the threat isn’t real enough to justify spending money on a security solution. In this article, we’ll outline why doing nothing is a risky strategy, and the many benefits of investing in the right service to prevent phishing attacks.
How phishing attacks succeed – the numbers
In order to highlight the scale of the problem and the potential threat to small businesses, it is a useful exercise to compare phishing attack data with that of sales teams. For a good sales rep that is in control of her business, she will know that for every 10 sales calls they make, they will close one piece of business. It may be 1-to-100, or 1-to-1000, it all depends on the product and selling cycles. The point is there is a trend, and the rep knows that if she makes the requisite number of calls, then the chances are that she achieves her quota.
It’s no different with phishing attacks. Despite the headline figures which can be frightening (or scaremongering, depending on how you view it), the reality is that there is a small but ever-increasing statistical chance that your business is hit with a phishing attack. Phishing hackers adopt a a ‘spray-and-prey’ approach which relies on a certain number of bites to make a campaign profitable – and on top of this, don’t forget that it’s incredibly cheap, if not free, for them to send hundreds of thousands of emails.
Get your users clued up
Hackers spend a lot of time perfecting the optimal hooks to get users to click on emails or attachments – and remember that 30% of phishing emails are opened by users. The first line of defence against hacks is therefore for those users themselves to be educated and given a basic grounding in email security risks. It’s vital they know what red flags to look for in sinister emails, with mis-spellings, strange ‘from’ email addresses, out-of-character requests or tone from colleagues, or unrealistic deadlines for items. Hot topics, or current news items are a favourite
The key is vigilance and awareness.
Is training enough?
Yet however good modern cyber security training is, and how attentive your users are to it (which with the best will in the world can be doubtful), behavioural change is far from certain. People are busy, and may not realize quickly enough in the heat of a working day that an email is malicious. Some people respond better to different types of training.
In short, user awareness training is useful, but it is only a first line of defence, and much more is needed to properly equip your organisation for the sophistication of modern phishing attacks.
A layered approach
Because of this, the threat of modern phishing attacks is best handled with a layered approach to prevention.
In addition to user training, it’s important to build a layered approach to your firm’s email security strategy. For this to be effective, it’s essential to lean on a combination of human diligence and training, but also on technology, since with the best will in the world, humans make mistakes and can’t be expected to spot increasingly sophisticated cyber attacks.
What’s the solution?
For instance, it makes sense to add an additional email security gateway on top of any existing email program you are running. While many email programs offer some level of in-built security, this is often insufficient and consumer-grade, and adding an additional layer of checks on top can go a long way toward reducing the overall number of threats reaching individual users’ inboxes. This immediately means your company’s security relies less on humans to spot threats.
Additionally, it’s important to realize that email usually represents only one phase of an attack. Having other security layers in place such as endpoint protection to detect malware and file–less attacks, backup for restoring data if it gets encrypted with malware, and frequent patching can help you round out an effective security strategy.
Ultimately, phishing attacks continue because they succeed and are profitable for cybercriminals. Yet, if you have the right technology in place to supplement the human element, you can help greatly reduce your customers’ risks.
One of the best ways to help reduce email attacks is to have a strong email security solution in place. MailProtector is built to help protect your business from email attacks. It uses collective intelligence from its entire user base to protect against even emerging attacks. For example, if some of its user base sees a specific scam occurring based on a news event, it can flag that and help prevent it from reaching the inboxes of other users. Additionally, it’s compatible with nearly any email solution including Microsoft 365.
Sole Creation can assist with demonstrating and applying this solution to your environment.