Phishing Attacks: What They Are, Why They're Dangerous, and What You MUST Know

Make no mistake about it: cyber crime is on the rise and this is one unfortunate trend that shows absolutely no signs of slowing down anytime soon. In 2016, there were 4,000 cyber attacks that specifically targeted businesses per day — and this only takes ransomware into consideration.

But with so many different attacks coming in various directions, it can be difficult for even the most seasoned business veterans to know where to begin in terms of cybersecurity. Oftentimes, they forget about one of the most common and dangerous types of threats currently out there — phishing.

During a phishing attack, a hacker or someone else with a malicious intent will try to obtain sensitive information about your business by pretending to be a reputable entity. Someone posing as one of your clients may send an email to one of your employees, asking them to log into a specific website, or provide their credentials for some reason. Should the employee take the bait, suddenly that hacker has access to your network — and every last kilobyte of confidential data contained within it. 

But thankfully, all hope is not lost. It is possible to successfully fend off every last phishing attack that you and your team may encounter. You just have to keep a few key things in mind.

Phishing Awareness Could Not Be More Important

Because of the nature of phishing attacks, the importance of raising awareness about this technique with every last member of your workforce is something that cannot be overstated enough. These are the single most widespread, prevalent form of cyber attack in existence, and have been for eight years in a row. 

Keep in mind that phishing attacks are simple, yes — but it’s brilliance also lies in that simplicity. Phishing attacks remain popular with hackers all over the world because it works impossibly well.

Consider the following statistics to get a better understanding of the situation you may now face:

• According to one recent study, phishing attempts have grown at a rate of 65% in the last year alone.
• Based on this study, it makes sense that 76% of businesses report to being a victim of phishing during the same period of time.
• According to a comprehensive study conducted by Verizon, about 30% of phishing emails get opened by the target victim. Out of those, about 12% of people actually click on the malicious attachment or link contained inside.
• Webroot Threat reports that there are almost 1.5 million new phishing sites created each and every month, all over the world. 

But the most damning statistic of all is undoubtedly the following: the average cost of a phishing attack on mid-sized companies is a staggering $1.6 million. The real costs can easily run in the tens of millions of dollars — an expense that can easily drive even the strongest business straight into the ground. 

Different Types of Phishing: Breaking It Down

To complicate things even further, there is no one type of phishing attack that you need to be aware of. In fact, there are many. These include:

• Spear Phishing. In this type of situation, a hacker will  — including information like the victim's name, their position, your business' name, and even proper phone numbers. This is all in an attempt to trick someone into believing that they have some type of connection with the person who sent the message.
• Whale Phishing. This is a lot like spear phishing in nature, but it's almost always targeted at wealthy, powerful, or prominent individuals. If one of your employees becomes a target of a hacker, that's spear phishing. If your CEO becomes a target, that's whale phishing.
• Vishing. This is essentially the telephone version of phishing, where hackers will use social engineering techniques against you in an attempt to provide sensitive information that you would otherwise protect. 
• Clone Phishing. This is what happens when someone is directed to a website that looks like a legitimate one, but that is really a carbon copy designed to steal whatever sensitive information the victim provides.

Yes, all of this is complicated and yes, none of it is good. But there is positive news about phishing that you can start putting to good use today.

Phishing is Absolutely Preventable

Phishing is absolutely preventable in the vast majority of all situations, but you need to make the most proactive effort possible in order to do so. Make employee training on phishing and other types of cyber threats a top priority. Teach them about the different types of phishing that they might encounter, how to spot a fake email, how to confirm that they're talking to who they really think they're talking to and things like that.

Every time you bring a new employee into the fold, have them go through the same training. As new types of attacks occur, make everyone go through the updated training all over again. If you give employees the skills they need to defend themselves from these threats, they will be able to do so.

Lanrex: Because Digital Transformation Shouldn't Be Dangerous

Likewise, it is important to invest in the types of cybersecurity solutions necessary to stop these attacks before they become a much bigger and more expensive problem down the road. Even if an employee opens a phishing email, downloads, and executes a rogue attachment, that shouldn't bring your entire network to its knees — and with the right cybersecurity infrastructure in place, it won't.

This is why many organisations around the world are choosing to work with managed service providers on a regular basis. Your MSP can handle all of your cybersecurity concerns and defend you and your employees against phishing, ransomware, and anything else, so that you can get back to actually running a business the way you're supposed to. 

If you have any additional questions about how to defend yourself and your business against phishing attacks, or if you'd just like to talk about why partnering with an MSP might be the right move for your business in a little more detail, please don't delay — contact Lanrex today.