The Truth About Phishing

The Truth About Phishing

Fidus Information Security has created a video in which we set out to rectify one of the biggest misconceptions in the Cyber Security field surrounding phishing.

It is widely reported that many breaches occur due to sophisticated cyber attacks and largely by organised criminal gangs, but just how accurate is this?

Who is Being Phished?

So there you have it, abusing peoples inherent trust is one of today’s main attack methods used by cyber criminals, according to the Cyber Security Breaches Survey 2017; recently released by the Department for Culture Media & Sport. Just under half (46%) of UK businesses have identified at least one cyber security breach or attack in the last 12 months, this figure increases even further among medium and large businesses, at 66% and 68% respectively.

According to the survey, fraudulent and phishing e-mails account for a staggering 72% of all breaches. Some of the surveyed businesses have even reported being breached at least once a month!

 

Why Are Companies Being Phished?

To answer this question, we need to look at the perpetrators sending the e-mails and who they are.

There are two main types of hackers; those who do it purely for amusement and those who are motivated by financial gain. In both cases, data is the end goal. Those who hack for fun aim for data to release into the public to prove they have compromised the target. Whereas those who hack for financial gain will target any data that has a resale value.

61% of all businesses surveyed in the Cyber Security Breaches Survey 2017 admitted to holding personal information about customers in a digital format making them ideal targets for cyber criminals.

 

The Sophistication of Phishing Attacks

15 Year Old Boy, Doing A Phishing Assesment

The NCA have recently reported that the average age of the cyber criminals they are investigating is only 17 years old. In fact, it wasn’t too long ago in which they investigated a 12 year old for purchasing Blackshades, a remote access tool (RAT).

With the rise in ‘point and click’ style tools, attackers are becoming less and less sophisticated and organisations are more at risk than they were in the past.

Contact us today to discover how our managed phishing assessment can test your employee awareness and provide recommendations to prevent you becoming the latest victim.