The biggest hacking threat to businesses comes not from unpatched software, but phishing. An incredibly simple, yet highly effective way that cybercriminals gain access to networks. Phishing can be used to bypass even the most sophisticated of cybersecurity defenses. Why go to the trouble of trying to find a weakness in highly sophisticated cybersecurity defenses when a simple email can get an employee to give the attacker their login credentials?
As Jeh Johnson, Secretary for the U.S. Department of Homeland Security, recently explained to attendees at the Financial Crimes and Cybersecurity Symposium in New York, phishing is one of the department’s biggest fears.
“The most devastating attacks by the most sophisticated attackers almost always begin with the simple act of spear-phishing,” says Johnson. It is no surprise that phishing is the biggest hacking threat to businesses. Phishing is alarmingly effective.
Even multi-million dollar cybersecurity defenses can be bypassed with a simple phishing email. The social engineering techniques used by cybercriminals often get the desired response.
Most of the largest hacks in the United States were possible not due to a security weakness, but because an employee responded to a phishing email. The cyberattacks on Ebay, Target, the Office of Personnel Management, JP Morgan, Anthem, and Sony Pictures all started with a simple phishing email.
Cybercriminals have also started using phishing emails to distribute ransomware. Malicious links are sent to company employees along with a request to click for free items, to take part in prize draws, or even to secure their computers to prevent cyberattacks.
Phishing has been around for as long as email and cybercriminals will not stop using phishing to gain access to networks, install malware, lock files with ransomware, and steal data. Phishing is likely to remain the biggest hacking threat to businesses. Organizations – and their employees – just need to get better at identifying and blocking phishing attempts.
One of the best defenses against phishing is to ensure that all staff members from the CEO down receive security awareness and anti-phishing training.
Training alone is insufficient. Staff can be told how to identify phishing attempts, but their ability to spot a phishing email must be put to the test. Anti-phishing skills need to be regularly tested. Dummy phishing emails should be sent to check to see who responds. Johnson says his department often sends fake phishing emails – free Redskins tickets for example – to test anti-phishing prowess. Anyone who responds is provided with further training.
Training is important in case a phishing email reaches an employee’s inbox, although it is far better to ensure phishing emails are not delivered. The best technological defense against phishing is the use of a spam filter. If phishing emails are not delivered to inboxes, staff members will not be able to respond and their anti-phishing skills will not be put to the test.
SpamTitan is a highly effective spam filtering solution for businesses that blocks 99.97% of spam email. Each month SpamTitan is independently tested for effectiveness. SpamTitan has now won 36 consecutive VB Bulletin antispam awards.
SpamTitan is a highly scalable anti-spam solution that’s suitable for businesses of all sizes. SpamTitan can be installed as a software solution, as a virtual appliance, or as a 100% cloud-based solution, the latter being ideal for managed service providers (MSPs).
Each solution is quick and easy to install, requires a low management overhead, and incorporates a host of features to block malware and prevent the delivery of phishing emails.
We are so confident that you will be impressed with SpamTitan that we offer the full product on a 100% free, 30-day trial. For further information contact TitanHQ today and take the first step toward banishing spam.