A cyber-attack costs a small business on average $53 987. Although this is much less that the cost associated with cyber-attacks on medium and large enterprises that easily escalates to millions of dollars, when considered from a proportion to size point of view, it is substantial. One of the ways hackers wreak this havoc is by using phishing attacks. There are several different forms of phishing attacks which depends on the end goal of the scammer using them.
Phishing statistics
Phishing statistics released by Avanan show that 1 in every 99 emails is, in fact, a phishing attack. Of these phishing emails, 2 in 3 use either a malicious link or embed malware in the email. This amounts to 4.8 phishing emails per employee when calculated based on a five-day workweek. This is very alarming if you further consider that 30% of all phishing emails make it past IT security. The very success of this scam has encouraged and emboldened scammers to increase their attacks. In this regard, Avanan points out that phishing attacks increased with 65% from 2016 to 2017 and in 2018 alone, 83% of people received a phishing email or fell victim to a phishing attack. It has a massively damaging effect on productivity (67%), data loss (54%) and reputational damage (50%).
Damage to business
As mentioned above, the damaging effect of phishing attacks is most severe on productivity, reputation, and the loss of data.
At a fundamental level, brands are built on trust. When a phishing attack, therefore, results in, for example, the public disclosure of embarrassing or damaging emails, it tarnishes an organization’s brand irreparably. This is in addition to the normal backlash associated with phishing attacks. Just consider recent headlines: “British Airways data breach: Russian hackers sell 245,000 credit card details” and “Uber concealed massive hack that exposed data of 57m users and drivers”. No matter how formidable your organization, headlines such as these can damage an organization’s reputation for years to come.
Despite brand being the foundation of an organization’s market capitalization, data loss can be the most devastating loss of all. Statistics indicate that in 2018, 24% of organizations targeted by phishing experienced major data loss. Spear-phishing (the type of phishing utilized to target data) is aimed specifically at stealing sensitive information such as account credentials or financial information to use for nefarious purposes.
Finally, a combination of loss of reputation and loss of data equals a substantial decrease in productivity. Time will have to be devoted to recovering from the phishing attack, especially in the event of an attack involving malware, in which case employees may be distracted and systems need to be taken offline which may render some employees unable to perform their operations. This further translates to monetary losses for the organization.
Stage2Data partners with Heimdal Security to offer robust, multi-layered security products to combat next-gen malware, ransomware and other enterprise threats used also in phishing attacks. For more information, please get in touch or download one of our free eBooks below.