In 2017, it was reported that 46% of UK businesses identified a cyber attack; in 2022 this has decreased to 39%. However, as technology has advanced and the understanding of cyber security has increased, why have the figures not decreased further?
Well, as identification methods have improved and become more sophisticated, more attack attempts are being identified. The latest government figures suggest the majority of those identified were phishing attempts.
For any organisation, phishing can be of great concern because of how easily private information can be shared. Most organisations mitigate this risk by ensuring all staff have attended mandatory training on identifying phishing emails, to reduce the chance of an end user responding. With any training, there is a risk that not all the information will be retained. This model also relies on the training being up to date with the latest phishing techniques. To keep phishing emails out of end users' mailboxes, it is advised to follow the suggested best practice below.
Firstly, ensure the organisation's mailboxes have been set up correctly, with built-in protection and filtering / blocking technologies enabled. This will immediately reduce the number of phishing emails reaching end users' accounts. These filters can identify suspected phishing emails and also allow users to report them to the internal IT team.
Secondly, it would be advisable for a company to invest in a third-party supplier to check incoming emails for spam, phishing and malware. This would transfer the risk of these emails reaching the end users and remove the internal risk of these emails being opened by employees. This can prevent phishing emails reaching the users' mailboxes. If an email were to slip through this check, the additional layer of filtering / blocking technologies would further reduce the risk of it reaching the end user.
So how can your end users identify a phishing email? For many, these are easy to spot; there are a number of elements that help indicate whether an email is legitimate. Ask yourself…
- Does the email look legitimate? Have you ever received an email from them before?
- Are there any spelling or grammar mistakes?
- Is the email sent from a public domain (such as gmail.com)?
- Do the links look suspicious?
- Does the email suggest urgent action is needed?
If you or your employees are ever in doubt about an email's legitimacy, it's highly advised to report it to your internal IT team, who will be able to run further analysis into the origins of the email. As the saying goes, ‘It’s better safe than sorry’.
Although phishing attacks were suggested to be the most prevalent, it’s important to consider alternative cyber threats to your business. To ensure your business minimises the risk of cyber security breaches, why not talk to an expert today? Next2IT offers phishing protection and phishing simulation services, as well as your normal penetration and vulnerability scanning to identify potential areas of weakness, helping your business to reduce its risk. Email [email protected] or call 0330 1332 202.