As someone rightly said, there are two types of companies: those who know they have been hacked and those who do not. Phishing attacks are rampant and are increasing in complexity with each passing day as cyber adversaries invent sophisticated tools and techniques. Organizations must evaluate their cybersecurity posture and their probability of falling victim to such attacks, and should take the necessary control measures against them.
Phishing is a social engineering attack that grows in number worldwide year after year and can threaten even the most well-prepared organizations. This cybercrime method is widely used among threat actors, with 65% of all organizations in the US being victims of successful phishing attacks in 2019 [1]. Since successful attacks cost organizations $3.7 million on average, phishing is a significant cause of concern [2]. SME leaders may find themselves wondering about the odds of their organization falling victim to phishing attacks. Such questions and more are discussed below.
Is My Organization Vulnerable to Phishing Scams?
Organizations must familiarize themselves with phishing if they are to combat it. A popularly accepted definition states that phishing is a social engineering-based cyberattack where adversaries obtain sensitive information from victims by pretending to be trusted entities such as the government, a bank, or a C-level executive. These attacks are meant to gain trust and exploit users’ psychological vulnerabilities so that they divulge personal information or finances.
Some users may assume that their organization will remain unaffected by phishing attacks. The data, however, points to a different picture: 88% of organizations around the world experienced a phishing attack in 2019 [3]. The fact that major tech organizations have fallen victim in the past to social engineering-based attacks, such as those delivered in a phishing email, proves that no one is safe.
For instance, influential organizations like Sony, Facebook, Google, and Twitter have fallen victim to phishing attacks. In Google and Facebook’s case, more than $100 million was paid out unknowingly before the adversary was caught [4]. Statistics about employee preparedness paint a dismal picture. Keepnet Labs has shown that one in three employees will likely click links in phishing emails, exposing organizations to malware. Furthermore, one in eight employees tends to share information that a phishing email requests [5].
Adversaries are also known to capitalize on trends and themes to victimize more people.
Are Small Organizations or Sole Proprietorships Safe?
Phishing attacks also target individuals and smaller organizations. Such organizations are even more vulnerable, as they often lack the training needed to counter social engineering attacks. Statistically, the average proprietor is likely to receive and fall victim to a phishing attack. These numbers prove the same point:
- 64% of Americans have never even checked whether they were victims of a data breach [6].
- More than 50% of Americans are unaware of what steps must be taken in the event of a data breach [6].
- Globally, 97% of people failed to identify a sophisticated phishing email [7].
Phishing Attacks Are Increasing in Complexity and Volume
The evolving threat landscape poses significant challenges to organizations. For example, phishing attacks are increasingly occurring through social media. In such social phishing attacks, malicious actors send a message with a malicious link. People are even more likely to open such a message than they are a phishing email. In 2019, Facebook saw a 196% growth in such malicious messages [8]. AI/ML technology also poses a significant threat: in the first cyberattack of its kind, a CEO fraud based on AI-generated voice phishing was used to steal $243,000 from a UK energy firm [9]. Cyber adversaries are not far behind when it comes to leveraging the latest technology, which is why it is crucial to remain a step ahead of them to keep the confidentiality, integrity, and availability of your organization’s information assets intact!
Organizations must understand the severity of the challenge facing them to protect their systems from phishing attacks. Organizations must start investing in AI/ML (Artificial Intelligence/Machine Learning) based anti-phishing and anti-malware solutions. An average employee training and security program can bring 50-fold cost savings related to phishing, while even the worst bring 20-fold benefits [10]. Engaging a cybersecurity expert has become a necessity for organizations and can go a long way, as it allows them to focus on their core business activities.
Data Breach Investigation Report (By Verizon, 2020)
Phishing Statistics: The 29 Latest Phishing Stats to Know in 2020 (By Casey Crane, April 22, 2020)
Proofpoint State of the Phish Report (By Proofpoint, 2020)
5 of the Biggest Phishing Scams of All Time (By Amy Daly, n.d.)
Top 5 industries that fall victim to phishing scams (By Jurgita Lapienytė, October 28, 2020)
110 Must Know Cybersecurity Statistics For 2020 (By Varonis, 2020)
97% Of People Globally Unable to Correctly Identify Phishing Emails (Business Wire, n.d.)
A Voice Deepfake Was Used To Scam A CEO Out Of $243,000 (By Jesse Damiani, September 3, 2019)
The Cost of Phishing & Value of Employee Training (Ponemon and Wombat, 2015)