Warning to Businesses: 250% Increase in 2018 Email Phishing Attacks
By: Jim Stickley and Tina Davis
August 5, 2019
The Microsoft Security Intelligence Report found that email phishing “still prevails” as the preferred attack method, with a stunning 250% increase during 2018. The report analyzed more than 470 billion emails every month throughout 2018 for phishing and malware. Their findings should be a huge wake-up call to businesses everywhere, especially to those in charge of cybersecurity. Research shows that 60% of small (under 100 employees) and medium (100-999 employees) sized businesses (SMBs) close their doors within 6 months of a security breach.
It’s not just SMB’s who need to worry, as Microsoft’s report finds that employees are still the weakest link in the frontline of hacking attacks. However, those employees who are educated in the ways hacker’s enter systems, especially through email phishing, are also a great way to thwart those attacks.
The report also finds definite business hacking trends “For example, attackers increasingly use popular document sharing and collaboration sites and services to distribute malicious payloads and fake login forms that are used to steal user credentials.” In particular, email phishing attacks containing lures aimed at getting employees to open them and respond are a long-time hacker favorite. They count on weak-link employees in every industry to act, especially for those emails having malware attachments or bogus links. And even though email phishing attacks change and trend over time–especially after being exposed for what they are, hackers continually change their lures to escape detection.
Even though anti-phishing tools are improving, there’s much more work to be done. In the very least, all employees should be trained to spot email phishing. Education is currently the best anti-phishing tool and the best hope for businesses to avoid malicious content in those emails. And since hackers continually refine and improve phishing lures, ongoing cyber education is most effective. Microsoft finds “Phishing promises to remain a problem for the foreseeable future because it involves human decisions and judgement in the face of persistent efforts by cybercriminals to make victims fall for their lures.” In light of their findings and suggestions, an uneducated employee may be the biggest threat to a business, while an educated employee can be the best defense. Remember, the continued success of an organization of any size may greatly depend on having cyber-educated employees.