In this age of data and digital technology, all businesses need robust cybersecurity measures because, regardless of industry, size, and geography, they've become constant targets for cybercriminals. Of all the attack methods criminals use, one stands out because it takes advantage of human error, is the easiest to undertake, and is the most successful: phishing.
Companies should be able to defend themselves against phishing. To do that, you need to know more about it and how it impacts your business.
What is phishing?
It is a cyberattack that uses email and fraudulent websites to deceive people into giving away confidential and sensitive information, downloading malware, or both. Because it preys on the carelessness and complacency of individuals, a phishing attack is often classified as social engineering or a social attack. Employees are targeted by phishing attacks on a daily basis.
Around the world, phishing attacks are evolving, increasing in number, and becoming more sophisticated. Even the world’s largest corporations aren’t immune and experience more than 1,000 phishing attacks a month. Here are more facts:
- 64% of organizations have experienced a phishing attack in the past year (Check Point Research)
- 30% of phishing messages are opened by targeted users (Verizon)
- 32% of data breaches in 2018 involved phishing activity (Verizon)
- Phishing was involved in 78% of cyber-espionage incidents (Verizon)
- 51% of phishing attacks contain links to malware (Avanan)
How does phishing work?
It's easy to become a victim of a phishing attack. Consider the "You have a FedEx package" example. An individual receives a message that seems to be from a legitimate FedEx email address. The email itself is a personalized message instructing the recipient to click on a "package tracking" link, which actually launches malware. Many phishing attacks follow much the same pattern.
Another method of phishing is spoofing. In this hacking technique, a link in the email message leads to a "spoofed" website, a fraudulent one made to look like the authentic website of a legitimate company, in this case FedEx. It tricks a busy or careless employee into entering credentials into this fake web page. Alternatively, once the user lands on the spoofed website, the phisher can invisibly load malware onto the user's device.
What are the costs?
Phishing attacks have been the cause of several data breaches. According to an IBM report, the average cost of a data breach can go up to $3.86 million. However, a figure alone isn’t sufficient to communicate the consequences of a phishing attack. So let’s break it down.
Brands are built on trust. The publicity surrounding a serious breach can tarnish a brand. It will change the perception of the brand into one that is untrustworthy for employees, partners, and customers.
Your brand is the foundation of your company’s market capitalization. A phishing attack’s negative effects on your brand can sabotage hundreds of millions in market capitalization.
Intellectual property theft is no less devastating. Phishing can compromise trade secrets, research, customer lists, recipes, and formulas. For firms in manufacturing, food, technology, or pharmaceuticals, a single stolen design or patent amounts to millions in wasted research investment.
The direct monetary costs from phishing are well documented and reported. According to the FBI’s 2018 Internet Crime Report, phishing and other kinds of email fraud lead internet crimes in terms of cost:
- Business email compromise (BEC) attacks cost US businesses more than $1.2 billion.
- Gift card scams, a kind of spear phishing attack involving a gift card purportedly sent by someone the user knows or even reports to, cost victims in the United States $70 million.
- Direct deposit phishing, an attack that steals a user’s employee portal credentials and then their salary, cost businesses more than $100 million.
Phishing attacks on your business can also mean paying fines under regulations and standards such as the Health Insurance Portability and Accountability Act (HIPAA) or the Payment Card Industry Data Security Standard (PCI DSS). Investigating the incident and providing compensation to victims of stolen data can run into the millions.
Small businesses in Orange County aren’t exempt from phishing attacks. That’s why we at Hudson Valley IT have taken upon ourselves the task of protecting its business community from cybercriminals. We’ve helped local businesses reduce risks and mitigate threats of these and other cyberattacks with comprehensive security consulting services and a more robust security environment. Find out what Hudson Valley IT can do for your company.