The Anatomy of a Phishing Email: How to Spot Red Flags and Stay Safe
By Cian Fitzpatrick | 20th June 2024
It's old news that email phishing is the number one culprit of security breaches.
Phishing emails account for 67% of all cyber espionage. But the silver lining is that phishing awareness is growing and the cybersecurity community is taking fiercer action in combating this form of crime.
As a cybersecurity professional reading this, you might be starting to feel a sense of a growing global support network. The pressure on security personnel has always been enormous and this is acknowledged by security vendors to a greater extent nowadays.
Unfortunately, the weakest link for cybercriminals is us. Each and every one of us.
Human fallibility, gullibility, ignorance, negligence: these are universal traits. This makes each of us a cybercriminal's target market. "Social engineering" is the term used to describe how we're manipulated and deceived into providing access to a system or providing information or data directly. These manipulation tactics include things like urgency ("respond within 24 hours, or else..."), greed ("get this €100 item for just €30"), fear ("your bank account has been hacked"), compassion (on social media, a message from a "friend", a cloned profile, in "urgent need of money"). And while many of these warning signs are old-hat for IT professionals, it's easy to forget that users need to be regularly reminded of these, and other red flags.
Other red flags include unusual or incorrect grammar or strange turns of phrase.
Scammers tend not to be first-language English speakers and use translation programmes, which leads to some suspiciously odd language. When poor language is combined with the tactics previously described, chances are high that the email is fraudulent. Add in a link, or attachment, and the message is: Be Careful! A scammy URL is often fairly easy to spot, if you know what to look for. The domain name might be different to the supposed company name, or spelt slightly differently, or with numbers, a prefix, or without the HTTPS protocol. Graphics in a scam email may be of poor quality or even show inconsistencies with the actual branding.
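The URL red flags listed above, turned into a link check that a mail filter or a training exercise could apply. This is an added example, not part of the original article; the domain topbank.example, the flag names and the digit-to-letter mapping are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Digits commonly swapped in for letters in lookalike domains (assumed mapping).
DIGIT_SWAPS = str.maketrans("01345", "oleas")

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def url_red_flags(url, expected_domain):
    """List the red flags for a link that claims to belong to expected_domain."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    expected = expected_domain.lower()
    brand = expected.split(".")[0]
    flags = []
    if parts.scheme != "https":
        flags.append("no-https")
    if host == expected or host.endswith("." + expected):
        return flags  # the real domain or one of its subdomains
    flags.append("domain-mismatch")
    for label in host.split("."):
        if label == brand:
            flag = "brand-on-other-domain"        # brand name under someone else's domain
        elif brand in label:
            flag = "brand-with-prefix-or-suffix"  # e.g. "secure-" glued to the brand
        elif label.translate(DIGIT_SWAPS) == brand:
            flag = "digit-substitution"           # numbers standing in for letters
        elif edit_distance(label, brand) <= 2:
            flag = "lookalike-spelling"           # spelt slightly differently
        else:
            continue
        if flag not in flags:
            flags.append(flag)
    return flags

if __name__ == "__main__":
    # Constructed sample links; topbank.example is a made-up domain.
    for link in ("https://www.topbank.example/login", "https://t0pbank.example/login",
                 "http://secure-topbank.example/verify", "https://topbnak.example/"):
        print(link, url_red_flags(link, "topbank.example"))
```

An empty list means only that none of these particular checks fired, not that the link is safe.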
Emails from senior staff requesting information or access details should also be viewed with caution. There's nothing like picking up the phone and checking before responding, and users should be encouraged to check with their IT colleagues if an email is suspicious before taking action.
In a report earlier this year, it was found that cybercrime cost the UK economy £30.5bn last year, with 1.5m businesses being affected. Small-to-medium businesses were 42% more under attack and costs related to cybercrime rose by almost 400%. Large businesses and one-man businesses experienced a slight decrease in attacks, although the related costs didn't decrease. And the main culprit? Phishing.
While the direct cost of an attack can be pretty accurately calculated, it's the reputational cost, the cost on employees' health, enduring brand damage, and so on, that's impossible to quantify.
Phishing prevention training is crucial for staff right now. This includes not just theoretical training, but also phishing attack simulation training. It's important to note that there is an "acceptable" failure rate in each industry that acts as a benchmark for security testing programmes. Ideally, there would be no acceptable failure rate, but the fact is, some people will fail, and will require further training.
Cybersecurity teams are under enormous pressure currently. With a keen focus on online security, the spotlight is firmly on this department. But it's important to know that there is support.
Our Managed Phishing Awareness Training solution offers your business the following:
Topsec's team is focused not only on developing and maintaining security systems, but also on supporting the experts out in the field.
Contact us today to learn more.