Spear Phishing Is on the Rise!

Cyberattacks are one of the biggest threats that businesses face today. One popular tactic, spear phishing, is on the rise, so be alert!

88% of all data breaches are caused by employee actions.

Spear phishing is the act of sending emails from a known sender’s name to increase the chances of the recipient trusting and opening the email and taking action that unintentionally hurts the organization. Cybercriminals often target all levels of employees from low-to-mid level employees in addition to management level—anywhere they think they can make an inroad. It is important to train all employees about spear phishing cyberattacks because 88% of all data breaches are caused by employee actions. Requiring that ALL employees participate in security awareness training significantly reduces the chances of an employee-caused attack.

Are you well positioned against a targeted spear phishing cyberattack?

Let’s review two recent incidents.

Incident #1: Headed for Disaster
“Sitting Duck Partners” came to us concerned they were victims of a spear phishing attack. This company was very susceptible to the attack because they had not taken the steps to keep their company safe. Their two biggest mistakes: Their employees were not educated on how to identify emails that can be a threat to their company, and they did not use Multi-Factor Authentication (MFA). They were a prime target for a phishing email. By not being prepared for an attack like this, “Sitting Duck Partners” not only gave the criminals $150,000 but had to deal with other repercussions, including increased stress, and loss of days of productivity within their business.

Incident #2: Taking the Right Approach
Contrast this with “All Our Ducks In A Row, Inc.”, who came to us saying that they think they were targeted by a spear phishing email. Thankfully for them, their employees were trained on how to recognize a suspicious email, making the spear phishing attack unsuccessful. The staff member who received the email, immediately raised a red flag, and deleted the email. Choosing to train their employees on how to utilize things like strong passwords, MFA, and equipping them with knowledge of how to identify the different types of threats such as phishing emails was key to the protection for “All Our Ducks In A Row, Inc.”

Keeping your employees up to date on trending cybercrime tactics plays a huge part in keeping your company safe from becoming a victim of a cyberattack. IT Radix offers cybersecurity training geared to your company’s specific needs. Contact IT Radix today to learn more about our employee cybersecurity training and testing.

First published in our October 2022 IT Radix Resource newsletter