Regardless of their size, companies are constantly being bombarded with phishing scams. If you’re like many small and medium business owners, you may think you aren’t big or important enough to be targeted by hackers. But that’s just not the case. In fact, small and medium businesses are easier to hack and many are extremely exposed.
In 2015, 85% of companies reported being targeted by a phishing scheme, a 13% increase from 2014, according to the Wombat 2016 State of the Phish report. The numbers are worrisome, and so is the rising sophistication of these schemes. Two- thirds of the companies surveyed in the 2016 Wombat report indicated that the attacks they experienced were personalized and targeted. This was a 22% rise from the year before. There IS good news out there, kind of. In Wombat’s 2017 State of the Phish report, targeted phishing (spear phishing) dropped to 61%. But that’s only kind of good news, because that’s a pretty terrifying percentage for businesses of any kind, but especially those who are required to keep client’s information under lock and key.
Successful targeted phishing scams rely on familiarity – they utilize the person’s name, email, and they know thing or two about the target. And they are every bit as successful with company leadership as they are with staff members. One study indicated that 1 in 3 CEOs had clicked on a targeted email. Their goal? Get you to download malicious attachments, click on malignant links, or provide personal details or other sensitive data. Brace yourself for the next statistic: 30% of targeted phishing emails are opened.
What’s even more concerning, phishing attacks are now the most popular way of delivering ransomware onto an organization’s network. Ransomware encrypts files or locks computer screens until a sum is paid, effectively shutting down operations. The amounts demanded are typically small and manageable, so many organizations will simply pay the ransom so they can get back online.
Employees are by far the biggest potential threat when it comes to targeted phishing scams, but they can also provide the front-line security force for your information. The difference lies in the training. Educating employees on the tactics of the hackers is mission critical for your company. The more aware, suspicious even, your entire staff is of the tactics hackers use, the more secure your data will be.
With today’s technology, enterprise grade tools are available at small business prices. The greatest benefit of the cloud is that per-user pricing models allow any size organization deploy services without heavy ongoing costs. Additionally, many of these capabilities, such as multi-factor authentication and advanced filtering are becoming standard across the industry. To get started, download our Checklist: Secure Your Network: 7 Steps You Can Take Right Now to learn the first steps you need to take.
For more information about how we can help you secure your environment, please contact us at email@example.com.
Bill Wootton is the Founder and President of C3 Integrated Solutions, a full-service IT provider based in Arlington, VA that specializes in securing our nation’s Defense Industrial Base through cloud-based solutions and industry leading partners. Bill is passionate about bringing cyber-awareness, and cyber-maturity to the nation’s Defense Industrial Base, working with clients to help them achieve CMMC and NIST 800-171 compliance by providing MSP, security and Office 365 integration services.