You are currently viewing How Likely Is It That My Company Will Fall Victim To A Phishing Attack?

How Likely Is It That My Company Will Fall Victim To A Phishing Attack?

As someone rightly said, there are two types of companies, those who know they have been hacked and those who do not. Phishing attacks are rampant and are slowly increasing in complexity with each passing day as cyber adversaries invent sophisticated tools and techniques. Organizations must evaluate their cybersecurity posture and probability of falling victims to such attacks and should take necessary control measures against them.

Phishing is a social engineering attack that is increasing in numbers worldwide, year after year, that can threaten even the most well-prepared of organizations. This cybercrime method is widely used among threat actors, with 65% of all organizations in the US being victims of successful phishing attacks in 20191. Since successful attacks cost organizations $3.7 million on average, phishing is a significant cause of concern2. SME leaders may find themselves wondering about the odds of their organization falling victim to phishing attacks. Such questions and more are discussed below.

Is My Organization Vulnerable to Phishing Scams?

Organizations must familiarize themselves with phishing if they are to combat it; a popularly accepted phishing definition states that phishing is a social engineering-based cyberattack where adversaries obtain sensitive information from victims by pretending to be trusted entities such as the government, a bank, or a C-level executive. These attacks are meant to gain trust and exploit users’ psychological vulnerabilities to divulge personal information or finances.

Some users may assume that their organization will remain unaffected by phishing attacks. The data, however, points to a different picture. 88% of organizations around the world experienced a phishing attack in 20193. The fact that significant tech organizations have fallen victim to social engineering-based attacks like those in a phishing email in the past proves that no one is safe.

For instance, influential organizations like Sony, Facebook, Google, and Twitter have fallen victim to phishing attacks. In Google and Facebook’s case, more than $100 million was paid out unknowingly before the adversary was caught4. Statistics about employee preparedness paint a dismal picture. Keepnet labs have shown that one in three employees will likely click links in phishing emails, exposing organizations to malware. Furthermore, one in eight employees tends to share information that a phishing email requests5.

Adversaries are also known to capitalize on trends and themes to victimize more people.

Adversaries Capitalizing On Coronavirus: Security Intelligence

Are Small Organizations or Sole Proprietorships Safe?

Phishing attacks also target individuals and smaller organizations. Such organizations are even more vulnerable as they often do not have the necessary training needed to counter social engineering attacks. Statistically, the average proprietor is likely to receive and fall victim to a phishing attack. These numbers prove the same point:

  • 64% of Americans have never even checked whether they were victims of a data breach6.
  • More than 50% of Americans are unaware of what steps must be taken in the event of a data breach6.
  • Globally, 97% of people failed to identify a sophisticated phishing email7.

Phishing Attacks Are Increasing in Complexity and Volume

The evolving threat landscape poses significant challenges to organizations. For example, phishing attacks are increasingly occurring through social media. In such social phishing attacks, malicious actors send a message with a malicious link. People are even more likely to open such a message than they are with a phishing mail. In 2019, Facebook saw a 196% growth in such malicious messages8. AI/ML technology also poses a significant threat – in the first cyberattack of its kind, a CEO fraud based on AI-generated voice-phishing was used to steal $243,000 from a UK Energy Firm9. Cyber adversaries are not far behind when it comes to leveraging the latest technology, which is why it is crucial to remain a step ahead of them to keep the confidentiality, integrity, and availability of your organization’s information assets intact!

Conclusion

Organizations must understand the severity of the challenge facing them to protect their systems from phishing attacks. Organizations must start investing in AI-ML (Artificial Intelligence-Machine Learning) based anti-phishing and anti-malware solutions. An average employee training and security program can bring 50-fold cost savings related to phishing, while even the worst bring 20-fold benefits10. Taking a cybersecurity expert’s help has become today’s need for organizations and can go a long way as it will allow them to focus on their core business activities.

References
Data Breach Investigation Report (By Verizon, 2020)
Retrieved from:

https://enterprise.verizon.com/en-gb/resources/reports/dbir/

Phishing Statistics: The 29 Latest Phishing Stats to Know in 2020 (By Casey Crane, April 22, 2020)
Retrieved from:

Proofpoint State of the Phish Report (By Proofpoint, 2020)
Retrieved from:

https://www.proofpoint.com/sites/default/files/gtd-pfpt-uk-tr-state-of-the-phish-2020-a4_final.pdf

5 of the Biggest Phishing Scams of All Time. (By Amy Daly, n.d)
Retrieved from:

https://www.inky.com/blog/5-of-the-biggest-phishing-scams-of-all-time

Top 5 industries that fall victim to phishing scams (By Jurgita Lapienyt? October 28, 2020)
Retrieved from:

https://cybernews.com/security/top-5-industries-that-fall-victim-to-phishing-scams/

110 Must Know Cybersecurity Statistics For 2020 (By Varonis, 2020)
Retrieved From:

https://www.varonis.com/blog/cybersecurity-statistics/

97% Of People Globally Unable to Correctly Identify Phishing Emails (Business Wire, n.d)
Retrieved from:

A Voice Deepfake Was Used To Scam A CEO Out Of $243,000 (By Jesse Damiani, September 3, 2019)
Retrieved from:

https://www.forbes.com/sites/jessedamiani/2019/09/03/a-voice-deepfake-was-used-to-scam-a-ceo-out-of-243000/?sh=6589e3a72241

The Cost of Phishing & Value of Employee Training (Ponemon and Wombat, 2015)
Retrieved from:

https://info.wombatsecurity.com/hubfs/Ponemon_Institute_Cost_of_Phishing.pdf