Phishing Attacks aren’t a Passing Threat
In 2013 there were nearly 450,000 phishing attacks and record estimated losses of over USD $5.9 billion.
Phishing remains an ominous threat to consumers and businesses around the world.
The costs of phishing
According to the Ponemon Institute, US companies have the second-most costly data breaches
at $188 per record (Germany comes in first at $199/record), with a total cost per US company at
$5.4 million.³ These costs were calculated using both direct and indirect expenses incurred by
the organization. Direct expenses include engaging forensic experts, outsourcing hotline
support and providing free credit monitoring subscriptions and discounts for future products and
services. Indirect costs include in-house investigations and communication, as well as the
extrapolated value of customer loss resulting from turnover or diminished acquisition rates.
The risk of data breaches and the financial damages associated with them are significant for
companies of all sizes. While smaller organizations may believe that they are not a target, they
are actually at risk because they do not prioritize appropriately defending themselves from
attack. 57% of small businesses suffered staff-related security breaches in the last year (up from
45% a year ago).
While 57% may seem like a high number, the same study found that 84% of large organizations
had staff-related breaches.
What is the best way to combat phishing attacks?
According to Deloitte, over 70% of companies surveyed in a recent study rated lack of
employee security awareness as an average or high vulnerability.⁴ There’s a good reason for
this rating. Security technology, the first approach to protecting a corporate IT infrastructure, is
not effective in protecting against social engineering or phishing attacks. It takes a human to
identify that “something doesn’t seem quite right about this” to avoid an attack and report it. Of
course, employees can only do this if they have the right knowledge to spot an attack in progress
and practice safe behaviors to avoid opening themselves or their employer to attacks.
Sadly, even with the profound statistics listed above regarding the percentage of companies
that have had staff-related breaches, 42% of organizations don’t provide any ongoing security
awareness training to their staff.
According to a PWC survey, organizations with a security awareness program in place were
50% less likely to have staff-related security breaches.
Enabling the Phishers
62 Cyber Warnings E-Magazine – July 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide