Dangers of Phishing



As 2018 begins, the dangers of phishing have never been higher, as the total number of cyberattacks continues to rise. There were 1,579 successful data breaches in 2017, according to data from the Identity Theft Resource Center and CyberScout. This figure represents a rise of nearly 45% from the previous year. The numbers become especially troubling when broken out by industry.

Overall, most sectors are tightening their security measures and, as a result, fewer breaches are being reported. Health care, government, financial industries and education all reported a continued decrease in successful data breaches. Although this is welcome news, there is one market that is heading in the other direction – business. In fact, the business sector accounted for nearly 60% of all breaches in 2017. This trend has been growing steadily since 2013, according to the report.

The main cause of this is the pace at which cyberattacks evolve. Businesses have been investing heavily in methods to prevent a certain type of cyberattack, only to have hackers change their strategy virtually straight away. By then, the organization has already spent its information security budget using price optimization and may be scrambling to allocate more. However, data suggests that one of the most straightforward forms of cyberattack is still among the most effective: phishing.

False sense of security

While more elaborate types of cyberattack such as ransomware routinely make the news, phishing has remained below the radar. Many people still associate it with stories of foolish people falling for schemes from a Nigerian prince or believing that they had suddenly acquired millions from the government. These are fantasies that businesses tell themselves they would never be susceptible to.

Data from a couple of years ago may also have looked positive. A 2016 Symantec report found that the overall email spam rate was falling and that fewer phishing bots were being used. This information, most likely the result of email providers like Gmail and Outlook stepping up their sorting technology, may have given business executives a false sense of security.


Combine this with another major problem in the business sector, namely that most executives are out of the loop when it comes to understanding cybersecurity concerns, and you can see where an issue may arise. In fact, a 2016 cybersecurity survey report from BAE Systems found that fewer than half of all executives claimed to understand their own company’s information security policies.

The same survey also found that only 60% of companies were giving their employees formal cybersecurity training sessions, and 70% of that number only had training once per year on average. Given how rapidly cyberattacks change and adapt, this strategy would leave companies exposed to vulnerabilities. There's an argument that these organizations may be even more vulnerable than others because of their misplaced sense of security.

Everyone is targeted

According to the Comodo report, 50% of employees will open an email from an unknown sender if they see it in their inbox. This is a frightening statistic, and it explains both the increasing number of phishing attacks and why they are such a prevalent method. Every employee has the potential to be targeted.

Phishing underscores the need for comprehensive employee training at every level. It only takes one person not being diligent to put an entire organization at risk. For example, if an entry-level analyst is successfully breached, the hacker could possibly be in possession of the network passwords, meaning that they suddenly share his or her level of access. The hacker can then use this to install ransomware or other harmful programs.