In 2016, companies in the financial services sector were attacked 65% more often than those in any other industry, as reported by IBM X-Force Research. Over 200 million records were breached – a 937% increase compared to 2015.
Source of the attacks
Attacks were caused by:
- 42% outsiders
- 58% insiders – split between 5% caused by malicious actors and 53% caused by inadvertent actors, defined as “a compromised system carrying out attacks without the user being aware of it” – in simple words, careless employees. Malicious email attachments, phishing and clickjacking make this possible.
Beware of the business email compromise
Of all types of phishing attacks, the business email compromise (BEC) scam is the most sophisticated and dangerous. Cyber criminals pose as employees of a legitimate company that regularly does business with the victim (usually a supplier) and request money transfers, taking advantage of the good faith (or lack of suspicion) of inattentive employees. Many companies have fallen for the scam, even the likes of Google and Facebook.
Three tips to fight phishing attacks
The more your staff are aware of how phishing works, the more they can protect your organisation from being the next victim. Here are three tips you can follow:
- Encourage your staff to report suspicious emails to your IT department.
- Raise awareness of phishing using different approaches – quizzes, activities, examples, all of which are included in the Phishing Staff Awareness Course.
- Simulate phishing attacks at regular intervals to test your employees’ readiness.