Phishing: Are you prepared to protect your business?

October 31, 2022

It is well known that employees are the weakest links in any IT environment – and that they are ultimately the last line of defense against a cyber-related attack.

In a recent study, 95% of data breaches were attributed to human error. And while human error can encompass a wide variety of actions, most are tied to phishing-related attacks. Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords, and credit card details by disguising oneself as a trustworthy entity. Phishing also includes trying to deceive a user into clicking on a link or opening a malicious attachment in order to obtain information and/or infect the user's devices.

In 2021, 83% of businesses reported being a victim of a phishing attack, an increase from 76% in 2020. Researchers suspect that 6 billion attacks will occur in 2022, and that approximately 30% of users opened phishing emails. Of those who opened phishing emails, 12% later opened the infected links or attachments. Cyber criminals are continuously looking for ways to mask their attacks and deceive the end user. One common way is to disguise the attack as a commonly known file type – for example, 38% of malicious attachments are masked as one type of Microsoft Office file or another.

And since employees are the last line of defense, it is concerning that in several recent high-profile attacks multifactor authentication (MFA) has been bypassed, thanks to “MFA fatigue.” That happens when so many notifications are sent that the victim eventually just approves the login. Maintaining a strong cyber security culture, including layered security controls such as MFA, is a key component in combating these threats, but it needs to be combined with properly educating, testing, and training employees.

At Herbein | FOS Risk Management, we have dedicated professionals who focus on information technology, information security, and cyber security 100% of the time. Contact us for a social engineering assessment, or cyber health assessment checkup on your organization’s cyber exposures and risks.

Read more about our IT Risk Management Services here.


Article prepared by Jeff Johns.