Phishing attacks are the number one threat facing businesses around the world.
81% of companies have experienced an increase in email phishing attacks since March 2020.
Phishing attacks involve attackers using fake email addresses to try and trick people into giving away their passwords or financial information.
A common method of phishing attack is account compromise. This involves sophisticated cyber-criminals taking email addresses from websites such as LinkedIn and impersonating them, emailing people from the same company and asking them to reveal information.
Phishing attacks are continuing to grow more common. Studies have shown that 25% of all data breaches originate with a phishing attack. People are at great risk from falling for these scams.
Let’s take a look at the top three most damaging phishing attacks on businesses:
1) Google and Facebook taken for $100 million each
Google and Facebook are two of the biggest companies in the world. But even they have been caught hook, line and sinker by Phishing attacks.
In 2014 Phisher Evaldas Rimasauskas impersonated a large hardware manufacturer.
For two years Rimasauskas sent Google and Facebook fake invoices, making over $200 million dollars before being caught.
2) Sony Pictures hack causes leak of over 30,000 documents
This is one of the most famous examples of how phishing attacks can catch more than just money. A group attacked Sony after they refused to withdraw a film mocking North Korean leader Kim Jong Un.
This targeted attack used more than just fake emails. Hackers actually gained access to Sony’s building by tricking employees. They impersonated IT staff, then used their credentials to plant malware on Sony’s systems.
This led to the leaks of tens of thousands of employee’s personal information, film scripts and highly confidential personal emails.
3) RSA Security allows access to US Defense Suppliers networks
One of the most ironic attacks was on a well-known cyber security company. RSA Security offers cybersecurity to a range of businesses and departments of the US government.
But all it took was one employee from their own company to leave their systems vulnerable. In 2011, an attacker sent out an email titled ‘2011 recruitment plan’ to a small group of employees.
The email was loaded with a virus contaminated Excel file. One person opened this file, which gave the attacker access to other employees passwords, and thus the whole system became vulnerable.
This gave the attacker access to many US government departments and US defence suppliers networks.
So how can you protect your business from a phishing attack?
You may read the stories of multi-billion dollar companies being hit by phishing attacks and think it’s impossible to prevent. But this isn’t the case, and the risks can be minimized through a combination of:
- Training employees to spot phishing attempts
- Employing a layered approach to email security using both email security at the gateway and either advanced threat protection or AI-based email security
Implement Effective Email Security
Implementing a Secure Email Gateway should your first line of defense against phishing attacks. Email Gateways act as a firewall for your email communications, blocking any emails containing malicious content. They can also detect domain spoofing, protecing users from email that is impersonating one of your legitimate contacts.
Alongside email gateways, businesses should also consider implementing Post-Delivery emaill protection. Post-Delivery Protection platforms sit within your email inbox, and use machine learning systems to detect and remove phishing attacks using data from anti-virus engines and global intelligence networks. They also allow users to report emails as phishing attacks and give users the ability to remove these emails automatically. They also allow admins to place warning banners on suspicious emails, helping to reduce the likelihood that users will fall for phishing attacks.
Read Next: Verified end user reviews of the top Email Security solutions.
Security Awareness Training of Employees
27% of employees will fall prey to phishing emails. Getting employees trained to identify and report suspicious looking emails should be your first line of defence against attacks. There are a range of companies selling Security Awareness Training, which does exactly that. These companies send out simulated phishing campaigns and then provide training and education to employees that need it.
Read Next: Verified end user reviews of the top Security Awareness Training Platforms.
Expert Insights provides leading research, reviews, and interviews to help organizations make the right IT purchasing decisions.