Symbol Security – why are we here and what is Phishing?
Simply put, there is a major epidemic with regard to businesses and individuals being defrauded and stolen from by Cyber Criminals who use a technique called ‘phishing’ to gain access to sensitive information or commit thefts. Symbol Security is here to create an easy to use, authentic means of re-creating simulated ‘phishes’ enabling its users to better recognize and avoid a real phish…
In the recent decades, many technological advantages have been delivered to individuals and companies all around the world. But with technology and digitization comes the risk of fraud and theft making the digital environment equally advantageous for criminals. The result is a continual attack from cyber criminals and fraudsters that do not need to physically break into your facility to steal valuable items, they can leverage technology to steal from and damage small, defenseless companies, as well as the large companies with many resources.
Phishing is a cybercrime in which people are ‘lured’ into divulging sensitive data, transferring money, or simply clicking on a file that embeds malware or other harmful files. The misnomer in the Cyber Security industry is that cyber criminals hack into networks thru weaknesses in a company’s perimeter defenses along their network. With Phishing, Cyber Criminals use benign or legitimate email accounts, in addition to spoofed accounts that do not get caught in email security filters and therefore end up face to face with unsuspecting users who are often unable to recognize that these seemingly legitimate emails are indeed fraudulent. Once in a users email inbox, phishing emails lure individuals into giving important information such as banking and credit card details, passwords, employee data, customer data, and other personally identifiable information which can be sold on the dark web.
How often does this happen?
According to an FBI report published in 2017, phishing is far and away the most often used form of Cyber Crime. The impact of these kinds of online attacks can be devastating even for the most stable companies on the market.
The FBI’s IC3 stated that in 2017 Cyber Crimes resulted in over $1.4B in losses and many believe that number is much higher. Verizon’s recent State of Cyber Security Report noted that almost 90% of security breaches originated with a phish. This is a tremendous reality check for the businesses that spend their money protecting network and perimeters, and fail to appropriately train and educate their employees about the methods of Cyber Criminals leveraging email phishes as their entry point into companies sensitive and financial information.
How important is it for users to recognize phishing and resist clicking on it?
Given 90% of security breaches begin with a phish, it is imperative!
The mission of Symbol Security Blog is to inform and educate individuals all around the world about the dangers posed by these malicious activities. Leveraging Phishing Simulation and Training platforms like the ones that Symbol Security provides are, how to avoid them and what tools to use to automate the identification of such dangers is what we want to do here. Moreover, we want to bring to light the variables that influence this growing phenomenon.
The programs maturity, email personalization options and even the days of the week are only a few factors that can boost the likelihood of suspicious messages. The latest reports about phishing also show that security failure rates can vary significantly according to the industry, and that will determine us to pay more attention to some of the most impacted sectors.
What company titles should be concerned about Phishing?
Regardless of the number of employees a company has, there should always be an individual whose primary purpose is to protect the company’s sensitive data. The executive team is typically the primary group accountable for ensuring the safety of all sensitive data. CEOs, CTOs, CISO’s, and Chief Risk Officers have to take responsibility to mitigate all risks against cyber attacks including both preventative technologies (i.e, blocking phishing attempts) and more importantly ensuring that simulation and awareness training procedures are in place and are measurable. Beyond our places of work, unfortunately, the Phishing threat extends into our homes as well. Cyber Criminals also target information and finances at the individual levels, only reinforcing the importance of recognizing what phishing is and how to avoid becoming a victim.
Knowing the signs of a potential phish and understanding its potential impact is essential in ensuring the safety of your business, its assets, and your employees. Stay tuned for more information from the Symbol team and please contact us if you are interested in a demo of our phishing simulation platform!