The post-pandemic digital age presents several new and exciting opportunities for organizations. However, rising digitization has also led to an unprecedented rise in cybercrime. Sophisticated, rapidly evolving phishing attacks have become a part of the “new normal.” A research shows that 75% of all enterprises faced a phishing attack in 2020. Another research reported a 667% rise in COVID-related spear phishing attacks from February to March 2020. The trends show that phishing is here to stay, but enterprises can take several anti-phishing measures to keep their assets safe.
Awareness is the first step necessary to protect yourself from phishing. Phishing is a social engineering attack that exploits human psychology to bypass technical defenses. For example, an adversary may pretend to be a trusted entity like the IRS and get victims to click a malicious link or divulge confidential information. Organizations must understand how the attacks work and use anti-phishing solutions accordingly. Spear phishing, for instance, uses a highly targeted email that uses personal information to get a victim to divulge information. Here are some recent statistics to give you an idea about this rising threat.
Recent Phishing Statistics For 2020 – 2021
The following alarming statistics show how critical using phishing prevention best practices is:
- The FBI has found that phishing was the single largest cybercrime in 2020. Reported phishing attacks doubled in frequency from 114,702 attacks in 2019 to 241,324 in 2020.
- Google reported 2.1 million phishing websites registered as of January 17, 2021, up from 1.69 million last year.
- The SANS institute found that 95% of every successful attack on enterprise systems has spear-phishing elements.
- Spear phishing and CEO fraud have seen an alarming growth, with adversaries using breached accounts for sending fraudulent emails.
Phishing: A Rapidly Evolving Global Menace For Organizations Worldwide
Cybercrime is a global menace that will cost the world $10.5 trillion annually by 2025. A successful phishing attack can be devastating to large organizations, let alone SMBs. For instance, past studies have shown that 60% of small organizations shut down within six months of a cyberattack.
Phishing attacks also continuously evolve as adversaries have enormous incentives to gain by accessing valuable information like intellectual property and medical records. For instance, cyber adversaries have now started to use email titles related to work opportunities or school updates rather than COVID-19, as people are looking for more employment opportunities, and all study-related activities have shifted online. The increasing sophistication necessitates the use of the latest and best anti-phishing software to protect information assets.
Some ramifications of a phishing attack include:
- Financial Damages: A data breach cost organizations $3.86 million on average in 2020. Such damages are not sustainable. Investigation costs, charges due to recovery and response, losses due to productivity issues, damages to revenue, litigation, and PR costs all add up and may bankrupt organizations.
- Reputational Losses: The intangible losses caused to an organization’s reputation after a data breach can amount to several million or lead to outright closure. Several organizations may even conceal data breaches initially, leading to even more significant backlashes.
- Customer Loyalty: When a data breach becomes public, it makes the customers nervous. A study in 2019 showed that 44% of customers in the UK would not associate with an organization for several months after a data breach, while 41% would not return in the event of a breach.
- Productivity Losses: Like other outages, a data breach’s primary impact is loss of productivity that can potentially happen across the organization. Employee time is consumed with cleanup duties, fixing vulnerabilities, determining causes, and incident response. Other staff may lose access to critical resources and processes.
Phishing Prevention Tips Relevant in 2021
The previous statistics and facts have shown that using advanced phishing protection is a must for all organizations. Protection from phishing attacks can be achieved using the following phishing prevention tips –
- Use Dedicated Anti-Phishing Software: Sophisticated phishing attacks may bypass average filters. However, dedicated anti-phishing solutions scan attachments, check embedded URLs, sender IP, and analyze language. Additionally, SPF, DKIM, and DMARC can prevent DNS spoofing and IP hijacking attempts.
- Strong Password Policy: A robust organization-wide password policy and measures like two-factor authentication (2FA) can prevent accounts from breaching and prevent phishing attacks. Employees should be made aware of the repercussions of having their leaked online.
- Verify financial Requests: Employees in the financial departments should personally verify requests for large financial transfers even if an email, call, or voice mail seems authentic. Sophisticated AI-based vishing attacks have been used to defraud an organization by mimicking the CEO’s voice in the past.
- Check Language in Emails: Fraudulent emails often have poor grammar and sentence formation or seek to evoke emotions like urgency or anxiety. Employees should be trained to report suspicious emails to the IT team.
- Being Cautious on Social Media: Employees should be prevented from handing out too much information on social media platforms, including professional networks, such as LinkedIn. Attackers can take emails from such platforms and match them with publicly available data to conduct sophisticated attacks for as little as $25 a month.
The problem of phishing is rising every day, both in sophistication and volume. All trends indicate that this particular social engineering attack is here to stay. Organizations must use email phishing protection software and train employees to detect and report attacks. Incident response training should also be carried out to mitigate adverse outcomes. By taking a proactive approach, phishing can be countered and information assets safeguarded.