Phishing attacks: what you need to know and how to take action
Phishing attacks are the most common type of attack experienced by UK businesses
With 83% of UK cyber-attacks being phishing attempts, chances are you or someone in your business has experienced phishing before!
What is a phishing attempt?
The NCSC defines phishing as scam emails, text messages, or phone calls used to trick victims into downloading a virus, handing over bank details, or other personal information.
Phishing attempts are not only plentiful but also maturing. It’s getting more and more difficult to spot phishing, especially if you don’t know what to look for – it’s not all overseas princes and princesses moving their fortunes anymore! Threat actors are getting better at mimicking normal emails people are likely to receive, such as Microsoft 365 updates, or even posing as someone in your own business.
What are the risks?
The most common type of phishing is business and HR-focused, such as fake invoices, purchase orders, or shared files. The purpose of these phishing attempts is to gain sensitive information about the business itself, customers, and employees. Industries most at risk include education, healthcare, retail and wholesale, hospitality, energy and utilities, insurance, and consulting – industries likely to store a lot of data and private information.
The result of a successful phishing attack is often significant data loss, compromised accounts, ransomware, or malware infections. But the impact doesn’t stop there: these attacks can cause tremendous pain for their victims in the form of GDPR breaches, financial loss, and reputational damage.
How to protect against phishing
Phishing efforts aim to exploit human error. According to a study by our partner KnowBe4, one in three employees is likely to click a suspicious link or email or comply with a fraudulent request. This reinforces what cyber experts have been saying for years: the people in your organisation are a critical line of defence against cyber attacks. To protect against phishing, you must educate employees on how to recognise and report phishing attempts.
Thinking of strengthening your cyber security program and implementing phishing training to educate your team? Get in touch.