For all the AntiVirus solutions we invest in, for all the time spent setting up firewalls and endpoint security and for all the headlines about cyber-crime and staggering GDPR fines, businesses are still getting thwarted by simple misspelled emails. That’s according to statistics from the Department for Digital Culture, Media and Sport at least.
The department’s Cyber Security Breaches Survey 2019 named phishing attempts as the most common cyber-attack, affecting 80% of UK businesses who identified themselves as victims of cyber-crime. Considering the most common, non-criminal cause of a data breach is little more than human error, the evidence is clear; Phishing, however crude, is still conquering our human firewall.
There are multiple ways that a phishing email alone can scupper your personal defences, and with a staggering 3.4bn phishing emails sent out every day, scammers don’t need to pick off individuals - they can just “spray and pray” with impunity. The logic is simple, if not indisputable; eventually, they’re going to get a bite.
That might be why the persistent phisher is so regularly changing their bait. One victim might not be so willing to share their personal details online, but they might yet be willing to open an infected file, if the reasons to do so are convincing. They might even be fooled by attempts at impersonation – not least if the scammer can convincingly mimic an existing email address.
The statistics surrounding phishing go hand-in-hand with the statistics around human error. Security firm Kroll reports that most data breaches aren’t from cyber attacks at all, but instead from the careless handling of data. In fact, a basic security blunder was 7 times more likely than a targeted hacking attempt. These statistics are music to a Phisher’s ears – confirming that there’s always somebody in a business who’ll let the goods slip.
Dedicated Phishing Awareness Training helps keep your team on top of common phishing techniques, while identifying cyber security training requirements within your organisation. Similarly, an endpoint security solution such as Webroot provides more automated protection – regularly updating to recognise phishing attempts before they reach your inboxes.
So long as we’re vulnerable to the everyday human foible, there’ll always be an avenue for opportunistic phishers. But with a vigilant eye and regular practice, we’ll always be able to shake off the threat that they’ll ever get their hooks into us.
As cyber security experts, Mirus specialise in protective solutions for small to medium businesses, as well as Managed IT Services for all your technical requirements.
Learn More about Preventing and Recovering from Phishing Attempts in our FREE eBook.
In one of our latest eBooks, you'll find useful information regarding preventing and recovering from phishing attempts along with other cyber threats.
Click below to download.