Phishing is the number one threat faced by businesses and attacks are increasing across all industry sectors. Businesses of all sizes are being targeted by hackers. The risk of phishing attacks should not be underestimated.
The High Cost of a Data Breach
A successful phishing attack that results in a data breach can be incredibly costly to resolve. A 2019 Radware survey suggests the cost of a successful cyberattack has increased to $1.1 million, while the Ponemon Institute’s Cost of a Data Breach Study in 2018 placed the average cost at $3.86 million.
The Anthem Inc. data breach of 2015, that resulted in the theft of 78.8 million health plan members’ personal information, started with a phishing email. The attack resulted in losses well over $100 million.
In 2017, a phishing email sent to a MacEwan University employee resulted in a fraudulent wire transfer of $11.8 million to the attacker’s bank account.
Essential Anti-Phishing Controls for Businesses
For most businesses there are two essential elements to anti-phishing defenses. A spam filtering solution to identify phishing emails and block them before they are delivered to employees’ inboxes and training for staff to ensure that if a malicious email makes it past the perimeter defenses, it can be identified as such before any harm is caused.
A spam filter is quick and easy to implement, although care must be taken to choose the correct solution. Not all spam filtering and anti-phishing solutions are created equal.
The Danger of Relying on Office 365 Anti-Phishing Controls
Many businesses now use Office 365 for email. 155 million business (and growing) are now using Office 365. That makes Office 365 a major target for hackers.
Microsoft does provide anti-phishing and anti-spam protection through its Advanced Threat Protection (APT) offering for Office 365. APT is an optional extra and comes at an additional cost.
APT provides a reasonable level of protection against phishing, but ‘reasonable’ is not sufficient for many businesses. APT is certainly better than nothing, but it does not provide the same level of protection as a third-party spam filtering solution from a dedicated cybersecurity solution provider.
Hackers use Office 365 accounts protected by APT to test their phishing campaigns to make sure they can bypass Office 365 controls. Hackers can easily tell which businesses are using Office 365 as it is broadcasted through public DNS MX records, so finding targets is easy.
With a third-party solution implemented, businesses will be much better protected. Hackers can tell that a business is using Office 365, but they will not know that it has advanced spam defenses from a third-party solution provider. This multi-layer approach is essential if you want to ensure you are well protected against phishing attacks.
SpamTitan is a leading spam filtering solution for businesses that is highly effective at blocking phishing and other malicious emails. Independent tests confirm the solution blocks more than 99.9% of spam and malicious emails and 100% of known malware through its two AV engines. It is a perfect addition to Office 365 to provide even greater protection against phishing threats.
Don’t Underestimate the Importance of Security Awareness Training
No technical anti-phishing solution will be 100% effective, 100% of the time. Hackers are constantly developing new techniques to bypass organizations’ defenses and occasionally messages may be delivered. Employees must therefore be trained how to identify malicious messages and conditioned to be alert to the threat of attack. Employees are the last line of defense in an organization and that defensive line will be tested.
A once a year training session may have been sufficient in the past, but the increased threat of attack means far more frequent training is required. To develop a security culture, it is necessary to have regular training sessions and use a variety of different methods to reinforce that training.
Twice a year formal training sessions should be accompanied by more frequent CBT mini-training sessions, cybersecurity newsletters, posters, and phishing email simulations to identify weaknesses.
SMBs are Being Targeted by Hackers
Many SMB owners think that their business is too small to be targeted by hackers. While large organizations are attacked more frequently, SMB cyberattacks are far from uncommon.
The 2018 State of Cybersecurity in Small and Medium Size Businesses study conducted by the Ponemon Institute showed that 67% of SMBs had experienced a cyberattack in the past 12 months and 58% had experienced a data breach.
Due to the high risk of cyberattacks, the increased number of phishing attacks on SMBs, defenses need to be improved. Businesses that fail to implement appropriate cybersecurity solutions and train staff how to identify phishing emails are a data breach waiting to happen.
Fortunately help is at hand. If you want to improve your defenses against phishing, contact TitanHQ to chat about your options.