Over the years, phishing attacks have become more and more common. Typically they’ve been targeted at individuals and smaller companies, but there has been a rise in the number of hackers aiming phishing attacks at small and medium-sized companies that do not view themselves as vulnerable to these types of attacks.
Although it may seem that small organizations with fewer than 250 employees are less likely to be attacked than larger organizations, this is not the case. According to Verizon’s 2016 Data Breach Investigations Report, smaller businesses are reporting significantly more data loss than larger businesses.
No market, geographical location or region is bulletproof when it comes to phishing attacks. And it seems that most malware steals credentials, which can lead to a loss of company-critical data, financial data and credentials, customer data and trade secrets.
Phishing attacks are a form of social engineering, tricking people into doing something they would not normally do. It is malicious correspondence trying to get the recipient to take the bait in the form of an attachment or embedded link, which then installs malware on the user’s computer or mobile device.
A report combining over eight million results of sanctioned phishing tests in 2015 from multiple security awareness vendors found that 30 percent of phishing messages were opened by the target across all campaigns. About 12 percent went on to click the attachment or link and thus enabled the attack to succeed.
How can organizations guard themselves against phishing attacks?
The best, and first, way to defend your organization against a phishing attack is to ensure that your anti-virus, anti-spyware, and any anti-malware applications are maintained and up-to-date at all times so that you can filter emails before they reach your employees.
Ensure that your software, applications and operating systems are maintained and up-to-date and that all patches have been installed so that hackers can’t take advantage of known vulnerabilities.
Talk to your employees
Educating all your employees, from the senior leadership team to the most junior employee, is crucial. After all, it takes a human being to read the email and click on the link for the malware to be installed. There is a growing trend of hackers researching their targets and targeting those with financial authority so it is important that those in your organization who have banking credentials, etc. are particularly aware of the possibility of receiving phishing emails.
If someone does click…
Oops! But it’s not a disaster just yet. The first thing that the user should do is report it. It is a good idea to give your employees an easy way to report anything that seems ‘phishy’; this could be through a form on your staff intranet or an app on their mobile device. Then protect the rest of your network from the compromised computer, laptop or mobile device.
Implement monitoring systems that can highlight any suspect activity; this could include potential exfiltration of data to remote hosts, privileged user access or suspicious connections. By doing so you’ll increase the chances of stopping the attack before it
The sad news is that phishing works, which is why it is so popular as a form of attack. Small and medium-sized companies need to be aware that it is increasingly likely that they will be subject to a phishing attack, and they need to put in place processes to stop attacks in the first place and deal with them if they do happen.
At Message Labs Africa, we are here to help protect and secure your email system and company communication from these phishing threats, spam and junk, and other messaging-related malware.
Stay safe!