Watch out for Phishing!
This is a Secure Message! That was the simple subject line of an email that came from me last Tuesday afternoon. Unfortunately, I didn’t send that message, instead I had fallen for a Phishing scam a few weeks earlier and the result was someone had gained access to my email and was phishing with my contacts. This became more than just an inconvenience; it is a potential security threat to businesses.
A 2019 Verizon Data Breach Investigation report found that nearly 32% of all reported data breaches in 2018 involved phishing activity, with email fraud the main tool in 78% of cyber-espionage events.
A recent article by Nikolina Cveticanin on dataprot.net, titled Phishing Statistics & How to Avoid Taking the Bait highlights some important data and strategies that businesses can use to avoid being caught.
Some of the key statistics highlighted include:
- A new phishing site is created on the internet every 20 seconds.
- More than 70% of phishing emails are opened by their targets.
- 90% of security breaches in companies are a result of phishing attacks.
- Small and mid-size businesses lose an average of $1.6 million recovering from a phishing attack.
- Apple is the most frequently impersonated brand by cybercriminals.
- More than 77% of organizations do not have a cybersecurity incident response plan.
Web browsers, network security tools, firewalls and more are key tools and strategies that businesses can deploy to protect their information but hackers get more and more sophisticated every day. When email phishing scams make it through the last line of defense are the people in your organization.
The right question to always ask is “Should I or should I not click this?” This is security awareness and additional training; review and testing can be critical to helping your business or organization avoid being the next victim.
In the event that you have been phished, work with your network security provider to update all of your login information, change passwords, and look for any changes to your permissions or access that may lead to continued issues. Good practice and training can help you avoid the hassle and embarrassment of emailing and calling everyone to explain that I got Phished.