By the DynaSis Team
In early September, we wrote about cyber-attacks and the role that human gullibility plays in them. (If you didn’t read that blog, the answer is “a very, very big one.”) We also offered some suggestions to help business owners protect themselves against vulnerability.
Now, we’ve come across some additional information you might find useful. In this article, we’ll offer not only startling statistics but also some of the keywords that signal danger. First, let’s discuss the statistics.
Over the past decade, the number of spear-phishing attacks (phony emails designed to trick recipients into exposing confidential information) has grown to an alarming level. According to security software developer Symantec, spear-phishing campaigns in 2013 rose by 91% over 2012. As of 2013, one in every 392 emails was sent for the purpose of spear phishing. That may sound like a small number (approximately .025 percent), but consider how many email messages your company sends per day or per year. (The average employee sends or receives approximately 115 emails per day.)
Enterprise employees aren’t the only gullible ones, either. The U.S. Department of Defense has been compromised by unwitting employees responding to spear-phishing emails. The massive 2012 Department of Revenue data breach in South Carolina that compromised the private data of 3.8 million taxpayers, 1.9 million dependents, 699,900 businesses and 3.3 million banks started with a spear-phishing email.
Furthermore, the risk of data breaches is exploding. In 2013, the number of identities that were exposed (by all types of attacks) rose 700% over 2012. And, with the courts now holding companies financially and legally accountable for not protecting their data from breaches, the stakes are higher than ever.
Now, for some good news. Hackers know that spear-phishing attacks are more likely to be successful if they use certain words, with Order and Payment being the top two. Other commonly used words include documents, declassified, accounting and important. Companies with robust email security solutions can screen out spear-phishing emails, and even ensure that emails containing these commonly used words receive extra scrutiny.
If you haven’t shared these dangerous keywords with your personnel, we encourage you to do so. It’s also helpful to run training exercises where you test your employees with fake emails to see who falls prey to them. You may be surprised by who takes the bait.
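The keyword screening described above, sketched as an added example (not code from DynaSis or from any email security product): it flags messages whose decoded subject or attachment filenames contain the words listed in this article, including a subject that is base64-encoded and would slip past a plain text search. The function names and sample messages are constructed for illustration.

```python
import base64
import re
from email import message_from_string
from email.header import decode_header, make_header

# Words this article lists as common in spear-phishing emails.
KEYWORDS = {"order", "payment", "documents", "declassified", "accounting", "important"}

def _decode(value):
    """Decode RFC 2047 encoded-words so encoded text cannot hide a keyword."""
    return str(make_header(decode_header(value)))

def flagged_keywords(raw_message):
    """Return sorted keywords found in the Subject and attachment filenames."""
    msg = message_from_string(raw_message)
    texts = [_decode(msg.get("Subject", ""))]
    for part in msg.walk():
        name = part.get_filename()
        if name:
            texts.append(_decode(name))
    words = set()
    for text in texts:
        words.update(re.findall(r"[a-z]+", text.lower()))  # whole-word match only
    return sorted(KEYWORDS & words)

def needs_extra_scrutiny(raw_message):
    """True when the message should be routed for additional review."""
    return bool(flagged_keywords(raw_message))

# Constructed sample messages (not real mail).
_B64 = base64.b64encode(b"Payment overdue").decode()
SAMPLE_ENCODED = f"From: billing@example.test\nSubject: =?utf-8?b?{_B64}?=\n\nSee attached.\n"
SAMPLE_ATTACHMENT = (
    "From: hr@example.test\nSubject: Hello\nMIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\nSee file.\n"
    "--b1\nContent-Type: application/zip\n"
    'Content-Disposition: attachment; filename="Accounting_Documents.zip"\n\n'
    "UEsDBA==\n--b1--\n"
)
SAMPLE_BENIGN = "From: a@example.test\nSubject: Lunch on Friday?\n\nNoon works.\n"

if __name__ == "__main__":
    for raw in (SAMPLE_ENCODED, SAMPLE_ATTACHMENT, SAMPLE_BENIGN):
        print(flagged_keywords(raw), needs_extra_scrutiny(raw))
```

A keyword hit here only routes the message for closer review; legitimate invoices and order confirmations use the same words, so it is not a verdict on its own.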
To learn more about spear phishing, cyber threats or digital security, please give us a call.