Out of 714 employees polled by GetApp, almost half said someone from their organisation has clicked a phishing link. GetApp’s new report sheds more light on the dangers of phishing and on how little organisations really do to protect themselves.
The report claims that almost a quarter of businesses have been victims of such an attack. At the same time, they’re not doing enough to protect themselves. Roughly two thirds use two-factor authentication, which leaves the rest wide open to cyber incidents. Just over a quarter train their employees on the dangers of the internet, teaching them how to spot phishing emails and malicious software.
Only three in ten businesses conduct regular phishing tests, the report added.
“Our survey shows that a surprisingly large number of businesses have been fooled by phishing scams. With technology advancing and tactics evolving, the need to remain vigilant against cyberattacks is more important than ever,” commented Zach Capers, Senior Content Analyst at GetApp.
Criminals who use phishing to target businesses usually impersonate executives from the company, target lower-level management and send intimidating emails that trick victims into reacting quickly and recklessly. The most effective way to combat phishing is to teach employees to stay calm and composed, not to trust everything they see in their inbox and to double-check every little detail, especially if the email is urgent and out of the blue.
Phishing emails can usually be spotted by the domain name, which often contains a typo or a minimal change.
“The most worrying part of this is how many employees have clicked phishing emails compared to how few companies are actively working to train their employees to recognize them. Spear phishing is an effective and inconspicuous way of infiltrating a business. It’s vital that employees are taught to recognize it,” Capers concluded.