You may have noticed an uptick in phishing and other social engineering tactics because of the pandemic. You aren’t imagining it – hackers know that during times of heightened stress we aren’t at our best when it comes to making rational decisions. Hackers have always known that exploiting human emotion is a better tactic than trying to find a vulnerability in a program, and now that’s more true than ever. Unfortunately, hacking can be extremely costly to businesses, so training staff to spot phishing attacks could be your last line of defense.
In 2018, 83% of people received phishing emails, while 64% of businesses received phishing attacks. Most of these attacks are headed off by a combination of spam filters and security measures on email and computers. But for those attacks that do make it through, the average cost of cleaning up the resulting mess is $2 million per incident. Even if a quarter of a percent of phishing attempts is successful, that can destroy a business and its reputation. Hacked businesses experience data loss, malware that can gather personal and financial information, and compromised accounts. This leads to decreased productivity as employees try to clean up the mess.
Harder To Spot Phishing Attacks
One in three customers will stop using a business after a data breach, so it’s crucial to prevent losses from occurring. Using good spam filters for email is a great start, but supplementing that with additional security software is crucial. A company’s last line of defense is its employees, and 72% of employees say that it has gotten harder in the last few years to spot phishing attacks.
Most phishing attacks play to our emotions, so things like “Updated Building Evacuation Plan” and “Urgent: Invoice” will get most of us every time. If it creates a sense of urgency and preys on fear, it is more likely to be successful.
Most employees are trained to send suspicious emails to the IT department, but just 15% of those forwarded emails turn out to be malicious. Even employees who have annual training don’t always know what “phishing” means, and one in ten has clicked on a link in a phishing email.
Better training includes feedback. Not only should companies have employees send suspicious emails to the IT department for analysis, but they should also be given feedback about their accuracy in order to achieve better results in the future. Learn more about keeping your business out of the phishing net below!