Five Things Your Employees Need to Know About Phishing

Phishing is a type of cyberattack that is becoming increasingly prevalent in today’s digital age. It relies on the deception and manipulation of human beings to gain access to sensitive information. Phishing attacks are typically sent in the form of emails or text messages with malicious content that, once opened, allows the attacker to access private accounts and steal identities and money. Unfortunately, phishing attacks can have serious consequences for both individuals and organizations, ranging from financial losses to data breaches and reputational damage. 

As an employer, it’s essential to educate your employees on the dangers of phishing and how to avoid falling victim to such attacks. In this blog post, we’ll cover five critical things that your employees need to know about phishing. At NINJIO, we want everyone to have a better understanding of what phishing is, how it works, and what steps they can take to protect themselves and your organization from these threats. 

Phishing is the most common cyberattack.  

According to the FBI, there were more than 241,000 reported victims of phishing in 2020 – a number that’s almost two and a half times larger than the second-most-frequent type of attack. There are several reasons phishing is one of cybercriminals’ go-to tactics: first, the barriers to entry are low, as phishing doesn’t require much technical expertise. Second, phishing works, costing people tens of millions of dollars every year. And third, phishing allows cybercriminals to attack a large number of targets at once.  

Many victims of cyberattacks don’t report these crimes to the FBI or any other agency, so the number cited above is almost certainly a significant underestimate.  

The number of phishing attacks is on the rise. 

The frequency of phishing attacks has increased significantly in recent years. According to a 2021 report by PhishLabs, phishing attacks increased by 40% from 2019 to 2020. The rise of phishing attacks can be attributed to factors such as the increasing use of technology and the ease with which attackers can use phishing tactics to target large numbers of people. 

We should expect the threat from phishing to continue to rise, especially as AI may make it easier to build such attacks. 

Employees are especially susceptible to phishing attacks.  

One of the reasons phishing is such a pervasive and destructive type of cyberattack is the fact that it exploits universal psychological vulnerabilities. A 2017 study of phishing attacks found that the email subject lines which convinced victims to click were often coercive, such as (ironically) “Official Data Breach Notification,” “Your Password Expires in Less Than 24 hours,” and “Please Read Important from Human Resources.” Cybercriminals who launch phishing attacks frequently attempt to intimidate victims by speaking from a position of authority or presenting themselves as representatives of a legitimate entity. F5 Labs found that 55 percent of phishing sites used recognizable brand names and identities in their URLs.  

These are all reminders that cybercriminals know which psychological buttons to push, which is why it’s no surprise that phishing attacks work over and over again.  

Phishing attacks are often successful. 

When PwC ran a simulated phishing attack on financial institutions, 70 percent of the emails were delivered and 7 percent of users clicked on the malicious links. Considering the fact that it only takes a single breach for a cybercriminal to steal sensitive information, leak or sell that information, and cause irreparable harm to a company’s reputation, this proportion is far too high. According to Verizon’s most recent Data Breach Investigations Report, phishing was involved in a quarter of all breaches in 2019 – a proportion that shot up to 36 percent last year. 

IBM reports that the average cost of a data breach in the United States is $9.44 million, while it typically takes 277 days to identify and contain these breaches. It has never been clearer that companies need to teach their employees how to spot and prevent phishing attacks.  

Phishing attacks can be prevented. 

Despite the fact that phishing attacks seem to be rising inexorably, there’s plenty companies can do to avoid becoming victims. When employees are taught which warning signs to look for, they’re capable of recognizing when an email or any other digital communication is likely a phishing attack. When the Department of Homeland Security audited one of our clients (which had been providing employees with cybersecurity awareness training since 2016), it launched a simulated phishing attack to see how employees would respond. While 600 employees were tested, only one fell for the attack.  

The first and last line of defense against phishing is always employees themselves, as anyone can send a fraudulent email. This is a reminder that companies need to educate their employees on how to spot and prevent phishing attacks to avoid becoming victims. We can help with that.