Phishing is a global scourge. Just today, Danny Palmer at ZDNET writes an excellent piece about how cybercrime is a $600 billion global drain on the economy. Here is an excerpt:
“You could argue that 80 percent of cyber crime can be prevented. That’s a stat the government is using and I was using it in the police and it’s still apparent today,” says Jake Moore, an ex-cyber crime investigator, now at security company ESET. “Eighty percent is still the weak link of the human firewall.”
Phishing is a major problem that companies often do not adequately protect against. Phishing training, otherwise known as anti-phishing behavior management (APBM), is a simple, cost-effective way to ensure workers in your organization are trained to properly handle the daily flow of communications they deal with.
According to Google Trends, Washington, D.C. has the greatest concern about phishing, scoring 100 in the last 12 months! This score is the popularity of a search term within a particular region, relative to the total volume of searches within the region over the period specified. And D.C.’s interest dwarfs every other location.
|State||Score||# of Fortune 500 Companies|
The government is a huge target of phishing attacks – we know John Podesta was phished and as a result the entire contents of his mail server were made available on Wikileaks. This is likely why the areas around Washington, D.C. such as Virginia, Maryland and Delaware are also high on the list.
In addition, last year the D.C. government lost $7000,000 to a phishing scam. The hacker, using a fraudulent email address, asked the city to begin processing vendor payments through electronic transfer instead of checks. The government of D.C., which failed to detect the suspicious email address, then paid a number of outstanding invoices to the new account the scammer specified.
Hawaii is much higher than expected – this is possibly related to Hawaii state computers being targeted by Iranian hackers, as reported in March of last year.
According to the FBI, the hackers stole more than 30 terabytes of academic data and intellectual property — roughly three times the amount of data contained in the print collection of the Library of Congress.
The hackers were allegedly affiliated with the Mabna Institute, an Iran-based company created in 2013 to gain access to non-Iranian scientific resources through computer intrusions, the FBI said.
Authorities allege that members of the institute were contracted by the Islamic Revolutionary Guard Corps — one of several entities within the Iranian government responsible for gathering intelligence — as well as other Iranian government clients.
Perhaps the largest surprise is that New York isn’t higher up on the list. With all the money at stake in NYC banks and Fortune Class organizations, one might think they would be number one.
Regardless of the state a company is located in, it’s important to remember that a single employee mistake can cost a company days or weeks of downtime.
Even worse, every day company workers come to the office only to find computers have been locked by ransomware and they are forced to pay a ransom to cybercriminals. Often this money funds organized crime and terrorist groups such as ISIS.
Danny points out there is no instruction manual for the internet and he is spot on.
APBM is not the complete solution but it is a major part of it.
Cybersecurity training is another important part of keeping an organization safe, but the only way to ensure the knowledge is absorbed is to use a phishing training solution. These systems work by sending employees various templates that mimic real phishing messages.
If and when employees click and enter their information, they are told they have been tricked and then informed what to look for the next time.
Employers are able to track the performance of workers and determine where the weak links are. Certain employees will need to be dealt with by management to ensure they take the matter seriously.
On today’s internet, every worker can be that weak link which compromises the business’s reputation, its customers’ data and its ability to exist. The problem needs to be taken very seriously.
Phish360 is the only free enterprise-quality APBM solution helping companies drastically reduce their cyber risk from phishing attacks.