With the UK Government estimating that cybercrime costs the UK economy £2.7 billion per year, and phishing attacks acting as the most common cyber threat business face, IT experts have revealed what businesses should look out for and steps they can take in an attempt to prevent the attacks.
Last year, phishing attacks – a ploy by criminals to access valuable information and data by masking their identity – rose by over 30% (31.5%) and recent studies show that September 2021 saw the number of attacks double from the previous year.
In an attempt to help businesses prevent falling victim, London’s leading IT support company Totality Services has shared information on how to identify phishing attacks, the risks posed and steps to take to mitigate them.
WHAT ARE PHISHING ATTACKS?
Phishing attacks predominantly occur via email. Hackers deploy sophisticated techniques (such as ‘spoofing’, where the email appears to originate from a legitimate source) to mask their intentions and fool employees into doing their bidding.
What this means in practice is fairly straightforward:
- A hacker conveys a message to a user (via text message, social media, email or over the phone) that attempts to trick the user into surrendering information
- Once the user has either followed a link to a malicious website, or downloaded a corrupt file, the hacker is able to extract data or login information from the network that grants them wider access to multiple data sources and/or business systems
- The hacker then either demands a ransom for restoring the company’s access to their own data, threatens to publicise the attack, steals it or offers it for sale on the dark web
WHAT ARE THE EFFECTS?
In 2020, approximately £2.3 billion was lost to direct online theft, or the theft of customer data. Given that phishing is the most common attack vector experienced by UK businesses, it’s reasonable to assume that a sizeable portion of this resulted as a direct consequence of some form of phishing attack.
Further damage comes from the cost of the necessary remedial action that businesses are forced to take in the event of a successful attack. Entire networks facilitating hundreds of users are forced offline to mitigate further damage; business critical financial systems that facilitate payments may need to be paused and costly system upgrades to antivirus platforms need to be enacted immediately, and without proper planning.
Quite often, it’s not the financial damage incurred from an attack that wreaks the most havoc – it’s what happens to a firm’s relationships with its customer base, once they are forced to acknowledge that their clients’ data is now in the hands of criminals’ intent on exploiting it for financial gain.
In 2019, leading global risk management consultants discovered that in the event of an intrusion, brand damage costs more to a business than any resulting loss of working capital or man hours.
Regardless of the chain of events that led up to a breach, client confidence is not easily restored. In the eyes of the customer, culpability for the breach all too often falls at the feet of the business in question, rather than the criminals who stole the data.
HOW CAN PHISHING ATTACKS BE PREVENTED?
Cybersecurity & BUDR
Advanced email protection platforms scan incoming email for malicious links and deploy a quarantine zone for suspect messages to either be permanently deleted or released as legitimate. Such platforms are based upon globally maintained lists of files and email domains that pose a threat, drawn from the collective research of the world’s leading cybersecurity experts.
In addition to gateway security, centralised antimalware detection should be in place throughout your organisation’s entire asset list, along with a robust and well-maintained backup schedule to guarantee business continuity in the event of an emergency.
No cybersecurity system is 100% effective at stopping external threats at source, and malicious communication sometimes finds a way to reach all levels of employees. This is precisely why staff should be made constantly aware of the ways in which criminals attempt to circumvent security systems by communicating with them directly.
Read the latest edition of PCR’s monthly magazine below: