How to protect your business from spear phishing attacks

Has your company ever been targeted by a spear phishing attack? You’re right to hesitate. It’s a difficult question to answer because there isn’t really a good answer. If you say no, nobody will believe you, and if you say yes, you’re admitting that your company has failed to defend itself against cyber crime – something stakeholders, customers, insurers and regulatory bodies won’t want to hear.

Spear phishing – targeted scams that con you into handing over sensitive or privileged information by pretending to be from someone you know or trust – are now commonplace. And because they’re so much more plausible than ordinary phishing attacks, they’re a lot more successful. A recent survey conducted by Cloudmark agrees, calling spear phishing “a highly effective way to gain access to a company’s or agency’s resources.”

The survey found that almost two thirds of IT decision makers put spear phishing in their top three security concerns, with 20% saying spear phishing was the top threat facing their company. The threat isn’t merely theoretical, either: 84% of respondents admitted that their network had been successfully breached by a spear phishing attack in the last year. 90% of these attacks came via email, 48% via mobile platforms and 40% via social networks.

You never think you can be the target

You may be thinking that you can’t be a target as your company isn’t as important as big international corporations that have so much to lose in terms of reputation and money. You might even believe that even if you are targeted you can’t be breached because you have good security defences in place. But you’ve probably forgotten the most important and unpredictable player in your fight against cyber crime: your staff.

44% of IT professionals (54% of IT professionals in the UK) declared that their employees were their company’s “biggest spear phishing liability”. No one is safe, either: 44% of attacks targeted IT staff, 43% finance staff and 29% sales staff (not to mention CEOs, who were targeted by 27% of total attacks).

Train your employees to be frontline soldiers

The best way to combat spear phishing is to ensure that your staff are fully aware of the threat. IT Governance has developed its Phishing Staff Awareness Course to help your staff understand how phishing attacks work, what tactics cyber criminals employ, and how to spot and avoid phishing campaigns. Furthermore, you can simulate a phishing attack to test your employees’ threat awareness. With our Simulated Phishing Attack, you can assess your staff’s awareness of phishing attacks and take remedial action to address any security gaps.