Phishing is Changing – Can You Change Too?
Phishing attacks can leave enterprises of all sizes vulnerable. One single successful phishing attack can result in a number of consequences for a small business, including loss of important data, a compromised system, brand damage and expensive recovery costs. The increased digitization of businesses, the popularity of online billing operations and the growth of eCommerce are all factors in the prevalence of phishing campaigns.
Small businesses are particularly at risk because they typically lack the dedicated resources, like an IT department or significant financial assets, to thwart such attacks. With that in mind, small business decision makers may find it difficult to determine what can be done about their phishing vulnerabilities.
Understanding the New Phishing Problem
According to the 2019 SonicWall Cyber Threat Report, the number of recorded phishing attacks fell by 4.1 percent in 2018 to 26 million. Even though small businesses have become more proficient at blocking phishing attacks in recent years, the decline in the number of phishing attacks cannot be completely attributed to their efforts.
An important factor in the reduction of attacks is how criminals have changed their phishing tactics by becoming more creative and focused. Instead of implementing global campaigns, they are now executing spear phishing, or attacks that are sent to specific parties in an enterprise, typically targeting those employees who are responsible for the financial aspects of a business.
If they are preoccupied with completing their work tasks and do not closely examine their emails, employees can easily fail to detect phishing attempts. Attackers are using very sophisticated emails that are designed to resemble emails with legitimate professional branding from trusted clients. These malicious business emails, which often request sensitive data from the recipient, can also be designed to appear as if they were sent from high-level executives.
Phishing attackers are also using file types that the employees at your company use regularly, such as Microsoft Office and PDF files, as email attachments to spread malware and ransomware. The same SonicWall report states that for the third consecutive year, malware attacks have increased, with 10.52 billion malware attacks recorded in 2018. In that same year, there were 206.4 million occurrences of ransomware, an 11 percent year-over-year increase.
Arming Your Small Business against Phishing Attacks
In addition to not having an internal IT department or substantial financial resources, a smaller workforce with procedures that are less stringent than those at larger enterprises means that small businesses will continue to be prime targets of phishing. The question on the minds of many small business decision makers is what can be done to safeguard their organization against these destructive attacks. The answer is to be more vigilant.
The changes that are occurring in the phishing landscape mean that small businesses also have to make changes to protect their customers and assets. There is virtually no way to accurately predict the evolving tactics phishing attackers will use to try to obtain sensitive data.
However, because the focused phishing attacks are targeting mostly employees, you can establish an anti-phishing plan that ensures your employees are properly educated about the current trends in phishing schemes. Email security as a part of a proactive network security strategy has become a priority for business leaders looking to significantly reduce risk. Additional security measures should include, at minimum, the use of mandatory complex passwords and the enforcement of regular password changes.
Given the substantial financial and intangible consequences associated with a successful phishing attack, not properly protecting your small business can result in catastrophic outcomes that will be difficult to overcome. Having a proven security solution is critical for effective protection from online threats.