A critical component of cybersecurity: Phishing security
Orhan Sari
Phishing security comprises the measures, spanning people, processes and technologies, that are designed to protect systems, networks and data from phishing attacks. Strong phishing security measures reduce the risk of phishing attacks and protect organisations and individuals from the unauthorised exploitation of systems, networks and technologies.
According to the IBM 2016 Cost of Data Breach Study,1 the consolidated total cost of a data breach grew from $3.8 million to $4 million, and the average data breach cost is $158 per stolen record.
A Kaspersky study from September 2016 shows an average cost of $861,000 for large businesses and $86,500 for SMBs.2
The UK government’s Cyber Security Breaches Survey 2017 found that the average cost of a cybersecurity breach for a large business is £19,600 and for a small to medium-sized business is £1,570.3
Why phishing security?
Human error or behaviour causes almost 90% of cyber attacks.4 Many cyber crimes and hacking attempts occur when cybercriminals masquerading as a trusted entity, like senior executives at a company, manipulate a victim into opening an email, instant message, or text message. This attempt is called “a phishing attack”, in which the victim is tricked into clicking a malicious link, which can lead to the installation of malware or to a redirection to a fake page.
Why cybersecurity should be your priority
Cyber attacks are evolving at a very aggressive pace as cybercriminals intelligently utilise the opportunity of being anonymous and spontaneous. They are developing new ways of assault every single day. They target an individual or an organisation to initiate a phishing attack. Companies in particular should therefore start to prepare for a possible cyber attack to guard against the risk of data losses and system breaches.
Over 90% of hacking attempts today begin with some form of phishing attack, which uses email with social-engineering techniques to gain access to confidential data. This works because human nature makes people vulnerable: they tend to trust people or fear getting into trouble, both of which social engineers exploit to create confidence and obtain sensitive information. Even people who don’t consider themselves to be trusting by nature are vulnerable when presented with the right story, the right voice, the right speech pattern, the right body language, and so on.5 Phishing attacks are often successful because the message usually appears to come from a known or trusted source, often impersonating a C-level executive. As such, phishing email attacks can be remarkably difficult to identify, and even when employees are trained how to spot a possible phishing attack or CEO Fraud, 23% of phishing emails are still opened.6
Phishing security solutions
People, process and technology triangle
Preventing cybersecurity incidents today is nearly impossible. Therefore, to secure any institution properly, one needs an Information Security Management System that addresses the people, processes and technology pillars.
As the last line of defence, people should be aware of their role in preventing and reducing cyber threats, whether handling sensitive data or understanding how to spot phishing. Therefore, employees need to get the necessary training to have the latest skills and qualifications to fight the latest cyber threats. Employees who don’t stay up to date affect the organisation’s ability to mitigate and respond to cyber attacks.8
For a practical cybersecurity strategy, processes are crucial in defining how certain tools are used to reduce cyber attacks. Processes are key to managing and implementing cybersecurity awareness solutions on a regular basis.
Technology is crucial for cybersecurity, and it is a critical component of an organisation’s cybersecurity approach. Technology should be the protector of assets. There are a large number of technologies that effectively secure systems and can be deployed to prevent or reduce the impact of cyber risks.