Phishing attacks are on the rise, evolving in variety and sophistication and threatening email security. An IRONSCALES report has revealed that 90–95% of all successful cyber attacks begin with a phishing email.
Why is phishing so popular among fraudsters, and why are they so successful?
1. Users are the weak link in the chain
According to the report, phishers are adept at exploiting ignorance, negligence and human nature. Employees can be easily tempted to download a file or click a malicious link. They need to be informed of the consequences and trained to be suspicious of any unexpected emails that they receive, especially from unknown senders.
2. Organisations are not performing sufficient due diligence
Organisations are not doing enough to reduce the risks associated with phishing and ransomware. They frequently fail to put adequate backup processes in place, identify the users who need further training or implement strong internal control processes to prevent CEO fraud (such as double confirmation for bank transfer requests).
3. Criminal organisations are well funded
Access to funds, generally from previous attacks, increases cyber criminals’ ability to nurture their technical skills and develop more sophisticated attacks. Because of this, experts advise victims of ransomware attacks not to pay up.
4. Widespread availability of low-cost phishing and ransomware tools
The availability of phishing kits and the rise of ransomware-as-a-service (RaaS) has allowed wannabe criminal hackers to get into the market and compete with sophisticated criminal organisations.
Fight phishing and ransomware attacks with a cohesive approach
To prevent or mitigate these attacks, organisations need to develop a cohesive cyber security strategy that encompasses people, processes and technology. They should:
- Raise awareness of phishing through staff awareness programmes or dedicated e-learning courses;
- Develop processes that help staff take the best course of action in case of attack; and
- Implement technology that can prevent attacks.