Despite the constant headlines about elite-level hackers deploying state-of-the-art malware and ransomware, the primary cybersecurity threat to companies is the comparatively low-tech, yet ubiquitous, phishing email.
According to one study, 65 percent of companies and organizations in the United States have experienced a successful phishing attack within the last year; another shows that fully 22 percent of all data breaches are phishing-related; and yet another found that 68 percent of detected ransomware campaigns used spear-phishing attachments as their initial point of access into company networks.
“You know that time of day when work gets particularly hectic? Well, so do practiced phishers, and that’s often when the skillful ones strike. You’re focused on the tasks at hand, not whether that link in your co-worker’s email looks suspect,” says CyberScout founder and chairman Adam Levin. “Bottom line: Busy equals distracted, distracted equals vulnerable, and that’s when or why we may not see a phishy link for the security threat it is.”
The success rate for phishing emails directed at employees consistently shows the need for greater security training at every level of a company, especially since a recent study of U.S. workers found that only 49 percent were able to correctly answer the question “what is phishing?” and nearly 30 percent believed that “malware” is a type of hardware that boosts Wi-Fi signals.
Misconceptions and general ignorance of cybersecurity “are what feed the predators in this cyber ecosystem of trickery and human fallibility,” said Levin, adding that training and proper preventative measures can help minimize the threat.
Cybersecurity fundamentals, including how to recognize the telltale signs of a phishing email, how to use strong and unique passwords, how to enable multi-factor authentication, and the consequences of poor cyber hygiene, should be a topic for training at every level of a company, from the C-Suite to the mailroom.