Imagine you start your day afresh, settling into your daily task list. You are going through your emails when you see a new email in your inbox. Congratulations! You are the lucky winner. Now, this makes you curious to know the deal.
You click on the email, and as you go through it, you become extremely excited. The email informs you that you have won a cash prize worth rupees one lakh. The email further asks you to reply with your bank account details. You send the details of your account and start daydreaming. An hour later, you receive a message from your bank informing you that your bank account has been debited by fifty thousand rupees.
This is just one example of how lottery fraud works; there are many cases like it. Let us take a look at the statistics:
- According to a report, 1 out of every 99 emails is a phishing mail.
- Almost 30% of all phishing emails can slip through the default security of your organization’s email domain.
Such figures may not seem concerning at the individual level, but at the organizational level, a rate of 1 phishing mail in every 99 is very dangerous. A single phishing mail is enough to destroy an entire organization.
It is important to understand the gravity of this small yet significant percentage, since such emails have resulted in 65% of the successful phishing attacks.
How do such phishing emails affect organizations?
Let us now take a careful look at how attackers have been causing havoc through a single phishing email:
- Extortion: Gone are the days when attackers relied solely on ransomware to make easy money. Within the past year, it has been observed that approximately 8% of all phishing emails are sent with the aim of extorting money from victims.
- Loss of Proprietary data: Around 54% of all phishing emails have resulted in the loss of proprietary data. Proprietary data is data that is owned and controlled by an individual, an organization or a group. Data is the most valuable resource for any organization. Any harm to the data will cause not only financial loss but also reputational damage and a breach of trust among customers.
- Financial Loss: With an organization’s data in the hands of cyber attackers, there is no limit to how they can abuse it. Any breach of consumer privacy guidelines can lead to fines and penalties being imposed on the affected organization.
- Reputational Damage: Adding to these concerning statistics is the reputational harm caused by such attacks. 50% of all successful phishing attacks have caused not only financial harm but also reputational damage to the organization. It has been observed that 1 in every 3 consumers will stop doing business with the affected organization.
Why should organizations focus on cyber-security?
Cyber-security is a crucial concern in this era of digitalization, where an increasing number of organizations are moving online. Because data is so easily available, it has become vulnerable to cyber attackers.
Your data can be easily stolen, manipulated or deleted, and in the worst-case scenario, it can be sold to rival organizations.
What should be done to prevent this situation?
It is important to implement security measures to prevent employees from becoming victims of such phishing emails. One of the most effective strategies is to provide employees with cyber-security and awareness training periodically. This will ensure that employees can identify different types and methodologies of cyber attacks.
Organizations should adopt a security management approach that includes:
- a documented patching process,
- identity access as well as password management,
- an incident response plan.
However, one of the most effective strategies is a security awareness training program that teaches employees about the latest cyber threats.