INTERNATIONAL FRAUD AWARENESS WEEK: IT EXPERTS SHARE INTEL AND TIPS TO HELP BUSINESSES & EMPLOYEES BATTLE PHISHING ATTACKS TO MARK AWARENESS WEEK
LEADING IT SERVICE PROVIDER, TOTALITY SERVICES, EXPLAINS PHISHING ATTACKS, THE RISKS FACED AND HOW BUSINESSES CAN LOOK TO MITIGATE THEM AS CASES DOUBLE
Phishing attacks grow 5% over 2020 with attacks in September 2021 more than twice as high as the previous year
- Information, effects and prevention guidance shared by leading IT Experts to celebrate International Fraud Awareness Week (Nov 14 – 20)
- Cybercrime costs the UK economy alone approximately £2.7 billion per year, with phishing the most common intrusion method businesses face on a daily basis
LONDON, NOVEMBER, 2021:
With phishing attacks acting as the most common cyber threat business and employees face this year, to mark International Fraud Awareness Week (14 – 20 Nov) IT experts have revealed what businesses should look out for – and steps they can take – in an attempt to prevent the attacks.
Last year, phishing attacks – a ploy by criminals to access valuable information and data by masking their identity – rose by over 30% (31.5%) and recent studies show that September 2021 saw the number of attacks double from the previous year.
In an attempt to help businesses prevent falling victim, Charlie Acfield, Technical IT Director at Totality Services – London’s leading IT support company – has shared information on how to identify phishing attacks, the risks posed and steps to take to mitigate them.
WHAT ARE PHISHING ATTACKS?
Phishing attacks predominantly occur via email. Hackers deploy sophisticated techniques (such as ‘spoofing’, where the email appears to originate from a legitimate source) to mask their intentions and fool employees into doing their bidding.
What this means in practice is fairly straightforward:
- A hacker conveys a message to a user (via text message, social media, email or over the phone) that attempts to trick the user into surrendering information
- Once the user has either followed a link to a malicious website, or downloaded a corrupt file, the hacker is able to extract data or login information from the network that grants them wider access to multiple data sources and/or business systems
- The hacker then either demands a ransom for restoring the company’s access to their own data, threatens to publicise the attack, steals it or offers it for sale on the dark web
WHAT ARE THE EFFECTS?
In 2020, approximately £2.3 billion was lost to direct online theft, or the theft of customer data in the UK alone. Given that phishing is the most common attack vector experienced by businesses, it’s reasonable to assume that a sizeable portion of this resulted as a direct consequence of some form of phishing attack.
Further damage comes from the cost of the necessary remedial action that businesses are forced to take in the event of a successful attack. Entire networks facilitating hundreds of users are forced offline to mitigate further damage; business critical financial systems that facilitate payments may need to be paused and costly system upgrades to antivirus platforms need to be enacted immediately, and without proper planning.
Quite often, it’s not the financial damage incurred from an attack that wreaks the most havoc – it’s what happens to a firm’s relationships with its customer base, once they are forced to acknowledge that their clients’ data is now in the hands of criminals’ intent on exploiting it for financial gain.
In 2019, leading global risk management consultants discovered that in the event of an intrusion, brand damage costs more to a business than any resulting loss of working capital or man hours.
Regardless of the chain of events that led up to a breach, client confidence is not easily restored. In the eyes of the customer, culpability for the breach all too often falls at the feet of the business in question, rather than the criminals who stole the data.
HOW CAN PHISHING ATTACKS BE PREVENTED?
Cybersecurity & BUDR
Advanced email protection platforms scan incoming email for malicious links and deploy a quarantine zone for suspect messages to either be permanently deleted or released as legitimate. Such platforms are based upon globally maintained lists of files and email domains that pose a threat, drawn from the collective research of the world’s leading cybersecurity experts.
In addition to gateway security, centralised antimalware detection should be in place throughout your organisation’s entire asset list, along with a robust and well-maintained backup schedule to guarantee business continuity in the event of an emergency.
No cybersecurity system is 100% effective at stopping external threats at source, and malicious communication sometimes finds a way to reach all levels of employees. This is precisely why staff should be made constantly aware of the ways in which criminals attempt to circumvent security systems by communicating with them directly.
For more detail and further information on how businesses can look to prevent losing valuable data and information to phishing attacks, Totality Services has published a detailed guide online “Phishing Attacks: What They Are, Their Effects And How To Prevent Them”
Totality Services Technical Director, Acfield, said: “Unfortunately, fraudsters are getting better and better at what they do by the day. Cybercriminals and their attacks are increasingly more sophisticated, no longer do we see so many giveaways such as spelling errors or suspicious looking links. Instead, they are researching and impersonating companies and people.”
“With a rise in hybrid working models, employees are increasingly switching between work and personal devices and applications for business needs and therefore are more at risk to leak sensitive information and data. It’s not just the responsibility of employees though, employers and business leaders should lead from the front and train staff to raise awareness and help to tackle phishing attacks, together.”
For more information on this topic, please contact [email protected]
Image Source: BigStockPhoto.com (Licensed)
Related Categories: Tech, Reviews, Work