Nov 20

Phishing for Small Businesses

Regrettably, many small businesses believe that hackers have little to no interest in attacking their networks. This assumption couldn’t be further from the truth. Smaller organizations typically spend less on cybersecurity than their larger counterparts and, because of their weaker defenses, are regularly targeted.

Roughly 70% of ransomware attacks in 2018 targeted small businesses, according to a recent report from Beazley Breach Response Services, with 97% of phishing emails containing encryption ransomware. Some of the largest data breaches follow the model of phishing attacks on a targeted organization and the eventual compromise of their data and networks.

Microsoft recently highlighted the proliferation of phishing in their Security Intelligence Report. Microsoft conducted an internal scan of Office 365 email addresses, analyzing over 470 billion messages, and found a massive increase of 250% in phishing emails.

So, what is a phishing attack?

Simply defined, phishing is any attempt to obtain sensitive information such as financial, personal or employee data, with malicious intent, by impersonating a trustworthy entity or individual via electronic communication.

Standard phishing techniques include:

Spear phishing – An email or electronic communication that targets a specific organization or individual, seeking unauthorized access to sensitive information.

Clone phishing – A previously valid email with its content and recipient address stolen and repurposed to create an identical or cloned email. The authentic links or attachments in the original email are replaced with malware, and the cloned email is sent to recipients with the intent of tricking them into believing it is authentic.

Whaling – Phishing attacks designed to target upper management based on their role in the company. Whaling attacks are generally formatted as originating from a legitimate business authority. They can include a legal subpoena, client complaint or executive issue.

Phishing attacks are now the most frequent threat to the cyber landscape and are significantly increasing in sophistication.

Any organization receiving payment for services or products has what every cybercriminal wants: credit card details and personal information, including that of your clients and employees. If your organization does not prioritize following an effective cybersecurity protocol that adheres to strict guidelines, regularly educates staff and safeguards critical data, then you may, unfortunately, be a prime target for future extortion.

Want to learn more about how to harden your defenses? Then speak with BMG today about our managed security services.