Did you know that in a single day over 380 billion emails are sent, 85% of which are spam? Many of those emails may be phishing schemes; in 2018, more than 80% of people received phishing emails. Phishing attacks are on the rise, more than doubling from 2013 to 2018. What do we stand to lose, and what can we do in the face of the ever-growing threat of phishing?
The fact that 8 in 10 people experienced a phishing attack just 2 years ago is reason enough to be on guard. But 2 out of 3 have received phishing emails, while 1 in 3 people have been compromised. They had a computer infected with a virus or malware, their account compromised, or a social media or email account hacked. Over 90% of social media attacks were phishing-related.
Individuals aren’t the only ones who are becoming targets; more than half of businesses have experienced phishing attacks. A successful attack can be costly: businesses can lose nearly $2 million per incident. They suffer one or more of the following: decreased productivity, data loss, and damage to their reputation. It isn’t merely a bad review, though: 1 out of every 3 customers will stop using a business after a security breach.
Many feel that stopping a phishing attack is slipping out of their control. 72% of employees say that protecting themselves from email attacks has become considerably more difficult since 2016. Why is it so tough to tell legitimate from fake? Hackers enlist psychology to phish and exploit emotions. What sorts of tricks do they have up their sleeves?
Mostly, hackers try to elicit fear to trip people up, e.g. urgent bills, new important information, or notices of violation. All of these create a sense of urgency and prey on the fear of not having all the pertinent info. Hackers are also sending realistic messages that appear to come from reputable institutions, duping people into sending payments. Some phishing goes undetected, like formjacking, in which a website form is hacked to collect private user information.
People don’t seem to know what to look for, and current procedures aren’t effective. A lot of employees send suspicious emails to the Information Technology Department. Out of all the emails forwarded to IT, only 15% are malicious. These results come from employees who are trained annually, which doesn’t look like enough.
After annual training, 35% of employees don’t know what phishing means. This is a fatal flaw that, if left unchecked, will lead to becoming a victim of a cyber attack. 1 in 10 employees clicked a link in a phishing email. This is why you need people, not just tech, to protect against cyber threats.
Over half of information security professionals believe that continued training has reduced susceptibility to phishing attacks, with almost 100% recommending that people be trained to identify them. People can do better with the right training, feedback on effectiveness, and the tools to apply their training. It is no secret that people learn better through practice and reinforcement, so get to it!
Are you protecting your business? Learn more about how to guard against phishing here!