What is phishing?
That’s a simple enough question, but it has a very impactful answer for business leaders. And it’s an issue that businesses should be paying attention to, because phishing is here to stay. Phishing occurs when a malicious actor impersonates a reputable entity in order to learn important information like login credentials, account information, or industry-specific data from an unsuspecting victim. Phishing can occur through many channels, including email, instant messaging, text messages, and even phone conversations.
The Anti-Phishing Working Group (APWG), a coalition of more than 2,000 companies around the globe that advises governments, trade organizations, and other groups, reported just under 124,000 phishing attacks in the second half of 2014, the most reported since the second half of 2009.
As a consumer, you could lose credit card information or other sensitive identifying information through a phishing scam. As a business owner, your company’s safety, competitiveness, and privacy are at risk when one of your employees is successfully “phished.” Here’s a look at why the threat of phishing isn’t going anywhere, and some tips on how to keep your business safe.
Proliferation of Phishing in the Information Age
Phishing has become a popular form of cyber-attack because of our society’s reliance on digitized information. The more information there is on digital servers, the more valuable passwords and other identifying information that can lead to data access become. Currently, malicious phishers sell passwords on the black market, and as long as these markets for phished material exist, phishers will have an economic incentive to keep stealing data.
This produces somewhat of a “catch-22” for business owners. In order to remain competitive, business leaders can’t turn away from the convenience and efficiencies that digital data systems produce. But the more important information companies store on servers, and the more they rely on digitized information, the more devastating an attack by a malicious phisher can be.
Again, phishing isn’t going anywhere. In fact, the methods used by malicious actors to “phish” for data are becoming more advanced, and the continued importance of digital data storage means there is a constant and growing incentive for phishers to develop new and aggressive attacks. So, if the threat of phishing isn’t likely to disappear any time soon, what can you do as a business leader?
“Lock Maker” vs. “Thief” Syndrome
Currently, many businesses address the threat of phishing by shoring up technological weaknesses in their companies, and treating their defense against phishing like a lock maker constructing a more elaborate and difficult-to-break lock. While this is a good defense, you should not stop there.
Malicious phishers are constantly thinking of new ways to break through technological solutions. This is because phishing relies so heavily on human error, and there’s no good tech solution to completely stop people from making mistakes. What’s the use of a good lock if someone in your home has a tendency to let thieves in?
Simulated Exploit Testing
If phishing isn’t going anywhere, and building better “locks” isn’t the complete answer for most business leaders, what can be done to protect companies from successful phishing attacks? Simulated Exploit Testing and subsequent follow-up training is a great approach to take.
With Global Learning System’s (GLS) online Simulated Exploit Testing, you will have the option to incorporate our Anti-Phishing Training Essentials course, Best Practice Module, and Security Short Videos as follow-up training options.
With our exploit testing, we work with organizations to target different departments and simulate phishing attacks to track employee responses and discover educational gap areas. From there, we deliver the responsive training options to employees who have demonstrated weaknesses around phishing security, so that applicable information reaches the people who need it most before a real attack damages your company.
Factors That Aid Phishing
Experienced phishers are experts at exploiting human error and capitalizing on different factors that aid in their malicious attacks. Our society’s reliance on technology, and specifically our social media culture, can do a lot to aid phishers. The information posted on social sites gives attackers background information to use in targeted and sophisticated phishing messages, making those messages seem familiar and legitimate. Social sites that list birthdates, names of children, and anniversary dates provide attackers with answers to your security questions. Furthermore, economic and social factors, like the size of the market for stolen data, make phishing more attractive and aid in the development of phishing scams.
While the threat of phishing isn’t going anywhere, there is still a lot you can do to protect your company. The best way to make sure your data is safe is to approach the real vulnerability that makes phishing possible: human error. Simulated exploit testing, reinforced with follow-up training, is a great way to drive awareness and prevent a breach.