Phishing attacks are increasing, evolving in variety and sophistication, and jeopardising email security. A recent report has found that 90–95% of successful cyber attacks begin with a phishing email.
So, why is phishing so popular among cyber criminals, and, more importantly, what makes it so successful?
1. End-users are the weakest link
End-users are the weakest link. They can be tricked into clicking on a malicious link, downloading a file or handing over log-in credentials. Phishers are highly skilled at exploiting negligence and ignorance and at taking advantage of human nature. Employees need to be educated on the consequences of their actions and taught to be cautious of unexpected emails that land in their inbox, especially those from unfamiliar senders.
2. Organisations aren’t doing enough
Organisations are failing to implement backup processes and to identify users who require further training, and are not executing control processes to reduce the risk of CEO fraud, such as a second confirmation check for bank transfer requests.
3. Cyber criminals are well funded
Access to funds, generally generated from previous attacks, increases cyber criminals’ ability to develop their technical skills and launch more sophisticated attacks. Because of this, experts strongly advise victims of ransomware attacks not to pay up. There is also no guarantee that encrypted files will be returned.
4. Widespread availability of low-cost phishing and ransomware tools
The availability of phishing kits and the rise of ransomware-as-a-service (RaaS) have allowed aspiring cyber criminals to get into the market and compete with sophisticated criminal organisations.
Fight phishing and ransomware attacks with a consistent approach
To prevent or mitigate these attacks, organisations need to develop a cohesive cyber security strategy that incorporates people, processes and technology. They should:
- Raise awareness of phishing through dedicated e-learning courses;
- Develop processes that help staff take the best course of action in case of an attack; and
- Implement technology that can prevent attacks.