Specialist IT Resources

Could your employees spot a phishing scam when half of UK employees can’t? | METHOD IT

Written by Method IT | May 9, 2022 3:44:00 PM

No matter your vertical, your business is continually at threat from cybercriminals, and believe it or not, one of their most effective lures to gain access to your data and systems, is a simple, easy to send, little phishing email.

So, to ensure we’ve got your attention, as despite this fact, you probably still believe that your SME tucked away in the Home Counties is safe as houses, as no ‘online crim’ worth their salt would be interested, we’ll start this blog, with two key cyber security statistics:

Now is not the time to believe that you won’t be a target for cybercriminals, now is the time to prepare your business as you most likely already are a target.

At the time of writing this article, the SparrowDoor malware is currently doing the rounds, this malware performs reflective loading of a Portable Executable (PE) payload with no headers. A persistent downloader and backdoor employing XOR encoding for the command and control (C2) channel underneath HTTPS. Its additional functionality includes clipboard logging, AV detection, inline hooking of Windows API functions and token impersonation.  Once unknowingly installed, this malware will:

…target the Windows operating system, as a persistent 32-bit loader and backdoor.
The backdoor can be tasked with various commands, such as opening a reverse shell connection with the configured C2 server or exfiltrating data. There are numerous design features included in the SparrowDoor malware to evade detection and frustrate analysis.

In 2021 it’s suggested that the average business has been targeted 28 times by cyber threats, and it’s suspected that due to phishing attacks, almost half (44%) of large organisations have consequently been unable to access their systems. 

Could your teams spot a phishing or Business Email Compromise "BEC" email? Have you trained them how to?  Do you have adequate Email screening protection in place? 

No matter how many firewalls, passwords, 2FA or security plugins you have on your network, if one of your employees clicks a malicious phishing link in an innocuous looking mail, they’re all practically worthless. A simple BEC attack once clicked will, in seconds, deploy harmful software into your network, locking you out of all systems and literally holding your business to ransom.

Worryingly, the average cost of a simple but highly effective BEC attack is $4.37 million per breach, these attacks use real or impersonated business email accounts to defraud employees. In 2020, BEC scammers made over $1.8 billion – far more than via any other type of cybercrime. 

With the threat of being a victim of cybercrime higher than ever due to the move to remote working and the Russian invasions of Ukraine, every business needs to ensure their employees are trained to spot and block a cyber-attack. They need to be aware of the threat vectors, the methods mostly used by cybercriminals, to keep up with the ever-changing threat landscape. Once trained, it’s important that regular testing is in place to ensure you know that your teams, your first line of defence, have the knowledge to protect your data, your systems, and ultimately your business.

Statistica’s Report The Share Of Businesses Where Staff Have Had Cyber Security Training In The United Kingdom (UK) In 2019, By Size of Business, confirmed that among all United Kingdom businesses, just 27% had undertaken cyber security training in previous last 12 months.

You train your employees to use the systems you provide, the software you use and to understand the services and products you sell, so why neglect to train them to protect your business data?

As your first line of defence to protect your business, you need to prioritise cyber security training and testing.

Book a security audit now, we can run phishing tests and training along with many other cyber security services to better protect your business.

Don’t let a phishing scammer catch you out!

Request a no-obligation cyber security audit with the Method IT experts.

 

Additional cyber stats that may help confirm the need for better cyber security.

2021 had the highest average cost in 17 years

Data breach costs rose from USD 3.86 million to USD 4.24 million, the highest average total cost in the 17-year history of this report.

Remote work due to COVID-19 increased cost

The average cost was USD 1.07 million higher in breaches where remote work was a factor in causing the breach, compared to those where remote work was not a factor.

Compromised credentials caused the most breaches

The most common initial attack vector, compromised credentials, was responsible for 20% of breaches at an average breach cost of USD 4.37 million.

Security AI had the biggest cost-mitigating effect

Automation and security artificial intelligence (AI), when fully deployed, provided the biggest cost mitigation, up to USD 3.81 million less than organizations without it. 

A zero-trust approach helped reduce cost

The average cost of a breach was USD 1.76 million less at organizations with a mature zero-trust approach, compared to organizations without zero trust.

Cloud migration impacted costs and containment

Organizations further along in their cloud modernization strategy contained the breach on average 77 days faster than those in the early stage of their modernization journey.

Improve your cyber security
get in touch with us now

 

You may also be interested in our 2021 Cyber Security Update

Resources:

  1. https://www.ibm.com/uk-en/security/data-breach#:~:text=2021%20had%20the%20highest%20average,year%20history%20of%20this%20report
  2. https://www.ibm.com/uk-en/security/data-breach
  3. https://www.icgov/Media/Y2019/PSA190910
  4. https://www.tessian.com/blog/business-email-compromise-bec-examples/
  5. https://news.stanford.edu/2020/06/29/snapshot-new-working-home-economy/
  6. https://blogs.opentext.com/how-to-protect-remote-workers/
  7. https://cisomag.eccouncil.org/cybercrime-will-cost-the-world-us6-trillion-by-the-end-of-the-year-study/#:~:text=According%20to%20the%20Official%20Cybercrime,of%20economic%20wealth%20in%20history