With the advent of digital media and internet, all businesses are moving online, but with this major shift in paradigm, phishing attacks are causing serious trouble. Organisations that suffer such attacks are more likely to undergo serious financial losses with reduced customer loyalty, brand reputation, and market share. The changing scenario demands more focus on cyber security on various levels to address these threats. The idea is to identify the trends by studying phishing attack statistics so that businesses can prepare to mitigate the issues on time. As per the recent research carried by Sophos, a famous cyber security firm, phishing attacks are the prime reason behind purloining of legitimate user information in 45% of organisations in the UK.
The stats about phishing attacks:
According to a poll conducted by Sapio Research at Western Europe, around 54% directors from more than 900 IT companies revealed that they had undergone the instances where employees clicked on the hazardous links contained in the unsolicited emails. The worst part is that, even after hours of training and awareness about cyber threats, large organisations are more likely to face phishing attacks. The stats reveal that:
- The rate of phishing attacks on UK firms is almost same as that of the stats obtained from the Netherlands (44%) and France (49%); however, the stats collected from Ireland are still on some better grounds. Only 25% of Irish respondents polled that they have suffered phishing attacks within the past two years.
- According to feedbacks gathered from the poll respondents, more than 56% of companies with 500 to 750 employees have suffered huge loss due to phishing attacks. Whereas around 65% of firms reported an instance of employees sending replies to the spontaneous emails or even clicking on the troublesome links contained in those emails.
- Comparing all the figures, around 25% of firms with less than 250 employees and approximately 36% of firms having employees somewhere between 250 to 499 have suffered due tophishing attackswithin the same period of time.
- 50% of firms with less than 250 employees and 78% of firms with employees between 500 to 1000 offered special cyber security training to the staff so that attacks can be spotted on time.
- 79% of companies in the UK have already conducted awareness campaigns to improve employee’s knowledge about cyber threats; however, 18% are planning to conduct such training in the near future.
- According to Verizon Data Breach Investigations Report in 2017, more than 66% of malware were installed into target systems through malicious email attachments. Also, more than 93% of social attacks are related to phishing activities.
- Symantec Internet Security Threat Report of the year 2018 reveals that 71.4% of all targeted attacks are subjected to the use of spear-phishing emails.
How to deal with the threat?
The managing director of Sophos UK, Adam Bradley recently said that criminals are skilled to make use of social engineering to play with user credentials online; hence, even well-trained employees can slip up at certain moments. Therefore, business IT support is essential in all industry sectors.
Experts at totality services, an IT support London company, revealed that in order to deal with the phishing attacks, organisations need to motivate employees to stay vigilant about threats. It is even important to run some spot checks within the organisations to ensure that employees are following accurate guidelines and respond carefully to the malicious emails.
Bradley also said that phishing is the most preferred route for cybercriminals to steal essential data from organisations. As the organisations start growing, the chances of becoming a victim to hacker attacks also increase. If we look at the frequency of attacks as described by the recent studies, organisations that do not follow standard guidelines and lack the essential infrastructure for spotting employees who are engaged in high-risk emails are likely to suffer more trouble.
In order to avoid the threats, organisations need to block malicious attachments, links, and impostor’s right before they land into users’ inboxes. It is better to make use of trustworthy cyber security tools to deal with the issues associated with infected emails and to hire professional IT support professionals to ensure safety.