Phishing Attacks Are on the Rise
Phishing attacks are increasing at a rapidly increasing rate and are becoming increasingly more difficult to discern from a legitimate email and the consequences for falling for them can be catastrophic. Phishing is a type of cybercrime that attempts to trick consumers into clicking a link or opening an attachment in order to steal sensitive information or install malware. Spear phishing is a phishing attack that is directly targeted at a specific person, group, or organization. Phishing isn’t just limited to your computer. According to cybersecurity company Lookout, “The share of mobile users in enterprise environments clicking on more than six malicious links annually has jumped from 1.6% in 2020 to 11.8% in 2022, indicating that users are having a tougher time distinguishing phishing messages from legitimate communications”.
The Growing Threat of Phishing Attacks
According to CyberTalk.org, approximately 15 billion spam emails are sent out over the internet daily which means that approximately 1 in every 99 emails is a phishing attack. Regarding successful phishing attacks, CyberTalk.org also reported “When asked about the impact of successful phishing attacks, 60% of security leaders stated that their organization lost data, 52% experienced credential compromise, and 47% of organizations contended with ransomware.” This highlights the absolute criticality of self-reporting and sounding the alarm to management and I.T. that you clicked a phishing link or opened an attachment. A successful phishing attack is a cybersecurity emergency that must be dealt with immediately to lock down the account, check for and remove any forwarding rules in the breached mailbox, to potentially isolating infected machine(s) to stop the spread of malware across the network and for forensic investigation.
Failing to Self-Report Can Have Dire Consequences
It can be human nature to be afraid of owning up to and admitting that you fell for a phishing email because nobody wants to feel like they’ve been scammed. However, the consequences will be far worse when the source account/computer is discovered via forensic investigation. Per IBM’s 2022 Cost of Data Breach report, ransomware attacks were up 41% in 2022 with the average cost of a successful data breach costing about $4.35M.
If you have clicked a link and just realized you shouldn’t have, you need to report that incident to your IT administrators. Even if an email looks phishy you should have it sent to your IT administrator for review. When reporting a potential phishing incident, provide as much information as possible. This includes the time you received the email, what actions you took (clicked a link, downloaded an attachment, etc), and what time this occurred and any odd behavior that was observed after the click.
Cybersecurity Training Can Reduce the Number of Successful Attacks
When it comes to preventing successful phishing attacks, as the old saying goes, an ounce of prevention is worth a pound of cure. This is in the form of annual security awareness training and routine phishing simulation exercises. This helps organizations home in on training opportunities that may lead to future breaches and help stop them before they occur.
Advanticom Can Help
Advanticom is a Pittsburgh based premium IT solutions provider that can help your organization develop a customized cybersecurity solution including an in-person anti-phishing training session with your employees as well as 24-hour monitoring of your critical technology infrastructure. We will work with you directly to understand your environment and individual cybersecurity needs.