The leading cause of cyber-attacks on organisations is a cyber crime act known as Phishing. It is a form of fraud which a target or targets and contacted via email, social media, telephone or a text message acting as a legitimate well-known company to lure individuals into providing sensitive and personal information such as banking details, credit card information and passwords.
A survey conducted by Clearswift asked 600 senior business decision makers and 1,200 employees across the UK, US, Germany and Australia ‘what was the biggest threat to their organisation’, phishing emails were ranked as the top threat in all 4 regions. This would suggest that organisations need to do more in terms of making staff aware and making themselves aware of what to do in event of a Phishing email or phone call.
PhishMe Inc. have found that a successful single Phishing attack costs medium sized enterprise £1.25 million on average.
Another report from Ponemon Institute showed that large companies which have over 10,000 employees spend £2.89 million annually on data breaches
Phishing attacks can target widespread people at random, to get them to enter personal and confidential information. However, more targeted Phishing attacks can occur which are referred to as ‘spear phishing’. Spear phishing is where a selected individual is targeted with emails or telephone calls to again reveal confidential information, but this can trick the individual into revealing information because the email or message may be tailored to them making it more believable.
2017 Cost of Data Breach Study from Ponemon Institute found that “having an incident response team can save £358,394.94 per data breach”.
Small, medium and large organisations can do more to protect their business against phishing scams such as staff awareness training, it is important to ensure employees can spot a Phishing scam and know what to do to look out for one. This may even include a stimulated phishing attack to show employees the threats and that they are vulnerable to an attack. Installing Anti-Virus software is key and making sure your software is up to date to help prevent damage to your system. It is also important to have an incident response team on hand to manage your security systems and ensure you are prepared in event of a data breach and attacks.
For more information on how your business can improve its security or information about employee awareness training contact CS Risk Management today.