Beaming recently published new research that revealed the impact of cyber crime on UK businesses in 2016. 2.9 million British companies were hit by some sort of cyber crime at a total cost of £29.1 billion.
Phishing was the most common type of attack (affecting 1,299,178 businesses), followed by computer viruses (1,288,547 businesses) and hacking (1,022,781 businesses). Although ransomware ranked last in terms of the number of organisations affected (388,858), it ranked first in terms of financial losses (£7,356,060,699), followed by phishing (£5,923,634,311) and social engineering (£5,350,684,088).
Why was phishing so popular?
Phishing was popular last year and remains so because:
- It’s easy to target a high number of people, and the more people targeted, the higher the chance of success (just think of how the numbers increase if recipients of phishing emails are tricked into forwarding the message to their contacts);
- Many phishing tools can be found online, making it easier for unskilled attackers to get started;
- It can be used in conjunction with other attacks, like malware and ransomware;
- It exploits human weaknesses rather than network and system vulnerabilities, and people are easier to manipulate than technical controls.
How to defend against phishing attacks
Phishing attacks can be mitigated by blocking phishing emails before they reach your staff’s inboxes. Software is available to help you detect and block these threats, but it cannot guarantee 100% protection. Spear-phishing attacks often get through email filters. One example of this is CEO fraud, in which attackers spoof a CEO’s email address to fool low-level staff into wiring money or forwarding sensitive information. Many big companies like Snapchat, Mattel and FACC have fallen for this fraud.
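As an illustration of the kind of header checks a mail filter or a reviewer can apply to the CEO fraud described above, here is an added example (not from the original article). The domain `example.com`, the executive name and the sample messages are assumptions constructed for the demonstration.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: the protected domain and executive names.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"jane smith"}

def _domain(address: str) -> str:
    return address.rpartition("@")[2].lower()

def ceo_fraud_signals(raw_message: str) -> list[str]:
    """Return header-based warning signs of CEO fraud for one message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(addr)
    signals = []
    # Executive's name shown, but the address is outside the organisation.
    if " ".join(name.lower().split()) in EXECUTIVES and from_domain != ORG_DOMAIN:
        signals.append("exec-name-external-address")
    # Domain that is nearly, but not exactly, the organisation's own.
    similarity = SequenceMatcher(None, from_domain, ORG_DOMAIN).ratio()
    if from_domain != ORG_DOMAIN and similarity >= 0.8:
        signals.append("lookalike-domain")
    # Replies silently routed to a different domain than the visible sender.
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and _domain(reply_to) != from_domain:
        signals.append("reply-to-mismatch")
    # Own domain in From, but the receiving gateway recorded no DMARC pass.
    # Only trust an Authentication-Results header added by your own gateway.
    auth = msg.get("Authentication-Results", "").lower()
    if from_domain == ORG_DOMAIN and "dmarc=pass" not in auth:
        signals.append("own-domain-no-dmarc-pass")
    return signals

# Constructed sample messages (not real mail).
LOOKALIKE = ('From: "Jane Smith" <jane.smith@examp1e.com>\n'
             "Reply-To: jsmith@mailbox.invalid\n"
             "Authentication-Results: mx.example.com; dmarc=pass\n"
             "Subject: Urgent wire transfer\n\nPlease pay today.\n")
EXACT_SPOOF = ("From: Jane Smith <jane.smith@example.com>\n"
               "Authentication-Results: mx.example.com; dmarc=fail\n"
               "Subject: Payroll file\n\nSend me the file.\n")
GENUINE = ("From: Jane Smith <jane.smith@example.com>\n"
           "Authentication-Results: mx.example.com; dmarc=pass\n"
           "Subject: Agenda\n\nSee you at ten.\n")

if __name__ == "__main__":
    for label, raw in [("lookalike", LOOKALIKE), ("exact", EXACT_SPOOF), ("genuine", GENUINE)]:
        print(label, ceo_fraud_signals(raw))
```

Checks like these reduce, but do not remove, the number of spoofed messages that reach staff, which is why the awareness training discussed next still matters.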
Once the phishing email arrives in your staff’s inboxes, your company’s security is in their hands. That’s why the more they know about phishing attacks and ransomware, the better equipped they are to spot threats and act accordingly. The cost-effective and time-saving way to train your whole staff is with e-learning courses: our Phishing Staff Awareness E-learning course can provide your employees with everything they need to know about how phishing attacks work, how to spot them and best practices to follow to stay secure.