And no, you haven’t spotted a typo! writes David Wetz of Phish Train Phish

 
It is indeed ‘phish’ and not ‘fish’, and just to explain what phishing is to those who may be unfamiliar with the term, here is a quick description.
 
‘Phishing is the term given to describe fraudulent attempts to gather confidential data or funds using deceptive emails and websites’.
 

Did you know that 91% of all successful cyber attacks worldwide begin with a victim having clicked on a phish. Yet despite this staggering statistic, most businesses and individuals are unaware that they can prepare against this common form of attack. People are always seen as the weakest link.

It is also fair to say that many businesses and individuals think it’s something that happens or will happen to someone else, never to them.

Both the UK and the wider world is littered with examples of high profile cyber attacks that have stopped businesses in their tracks, taking money, data, and something a little more intangible in terms of cost – reputation. The damage is real and can have a long lasting and devastating impact.

In the UK in 2017 there were 17 million victims of cyber crime resulting in a combined loss of £4.5Billion. Wind forward to 2020, and every 20 seconds a new phishing website is created to specifically target users.
 

“Techniques seen since the start of the year include bogus emails with links claiming to have important updates, which once clicked on lead to devices being infected.
 
These ‘phishing’ attempts have been seen in several countries and can lead to loss of money and sensitive data.” Source:ncsc.gov.uk
 

And on COVID…

 

The NCSC has seen an increase in the registration of webpages relating to the Coronavirus suggesting that cyber criminals are likely to be taking advantage of the outbreak. The message is simple, lockdown has not slowed the cybercriminals down one bit.

Continued global susceptibility to phishing will probably make this approach a persistent and attractive technique for cyber criminals. Moreover, if the outbreak intensifies, it is highly likely that the volume of such attacks will rise. Source:ncsc.gov.uk

 

They Know No Bounds

 

Criminals definitely know no bounds. A headline from a recent article dated this year in Wired magazine read ‘Hackers are targeting hospitals crippled by coronavirus’.

Whilst headlines like this are sometimes designed to grab your attention, the takeaway lesson from the article centred on the fact that hackers will not stop at anything to attack and disrupt networks and devices.

If recent phishing attacks have been audacious enough to also target the WHO, then all businesses and individuals will be seen as fair game to these social engineering lures, and in particular coronavirus themed emails.
 

How can I protect myself and my business?

 
Well, we believe that the need to mitigate risk has never been higher and the term ‘it’s something that happens to other businesses or individuals’ is correct, until it happens to you and your business. Unfortunately, the problem is also compounded with the latest pandemic. Workers across the UK have moved to a more relaxed working environment which in turn can lead to a more relaxed security posture as we all feel safer in our homes and more employees and other individuals use their own devices.

Human awareness and intervention remain one of the most important defences that can help build and sustain a more secure environment. Cyber awareness and phishing training should not be the poor relation to expensive technology solutions that are sometimes regarded as the only means of securing a network. After all, what is the point of expensive technology if your staff are not trained to use it safely?

 

People before technology

 

Awareness training and phishing tests should go hand in hand and we believe should not be performed in isolation of one another. Hardening your ‘human firewall’ through good quality cyber awareness training and testing is equally as important as a piece of software downloaded onto all your devices. Taking it one step forward we believe that putting people before technology is of paramount importance.
 

Why

 
Always a good question. Why is this important and why do I need this. We take out Insurance across many different categories both personally and in business. Phish testing and training is an important part of ensuring that you are mitigating the risk of you and your staff clicking on a phish. Cyber criminals are becoming more pragmatic and targeted in the way they attack you. The very moment you connect online you are vulnerable to attack, day in and day out.

Phish Train Phish was designed to be different – by putting people before technology – and in comparison to many cyber solutions in the marketplace, it is not expensive.

For exceptional and engaging training by industry experts that also won’t break the bank visit phishtrainphish.com for more information.
 

Keep well and stay safe,

Phish Train Phish.
 



Commentary » Latest



Leave a Reply