Hackers are an ever-present security concern. They’ve hacked the U.S. federal government and Fortune 500 companies, but they don’t turn up their noses at small and medium-sized businesses.
If you’ve turned on the news any time within the past few years, you probably have a solid understanding of just how serious this threat is to your business. What you might not be aware of is the specific threat spear-phishing poses.
Spear-phishing and traditional phishing accounts for 91% of all hacking attacks. Hackers send out emails to you and your employees that appear harmless. Someone in your company opens an email sent by a hacker, clicks a link to what looks like a legitimate website, and shares personal information — and opens the door to the hacker. Now the hacker has access to your confidential documents, financial records, and so much more.
Both traditional phishing and spear-phishing attacks can be devastating to your business, but what sets spear-phishing apart from its traditional counterpart is the targeted nature of a spear-phishing attack. While older phishing attacks attempted to break into your system through widespread spamming in the hopes at least one person will bite, spear-phishing hackers target specific people within your business. They take their time searching through social media to tailor an email that will be hard to resist opening. These more complicated and targeted emails increase the likelihood that one of your employees or even you will fall for it and let the hacker into your systems.
If your gut reaction is telling you that this won’t happen to your company, think again. In December 2014 there were nearly 50,000 successful attacks. These breaches cost businesses $453 million in lost revenue and repair costs. And December 2014 wasn’t a fluke. In fact, these attacks were actually down by 24% compared to the preceding month.
All these numbers boil down to one fact: it’s not a matter of if you will be hit with a spear-phishing attack, but when.
The problem isn’t just that your company will likely be hit with a spear-phishing attack. After all, the damage only comes after the email is opened. So what’s the likelihood that someone in your company is going to open one of these spear-phishing emails? The odds are not in your favor.
Studies have shown that 23% of phishing attack recipients open the hacker’s email. It only takes 10 emails to increase the likelihood of a security breach to 90%. Considering that spear-phishing is even more targeted than the traditional phishing attack that was studied, it is likely that these probabilities are even higher for a spear-phishing attack.
Once you are hit with a successful attack, the numbers only get bleaker. With any security breach, the key to mitigating damage and costs is speed. The only problem is that spear-phishing attacks hit fast and linger silently. Studies show that 50% of all opened attack emails are opened within the first hour. It’s unlikely you will notice a spear-phishing attack before it’s already opened the door to the hacker.
What’s worse is that you might not notice the attack for a long time. In 2013, it took companies an average of 229 days to notice that their networks had been compromised.
If you want to protect your company from the devastating threat of spear-phishing, prevention and awareness are key. Talk to staff about the threat and look into IT security options to keep your company safe before a spear-phishing attack strikes. Be vigilant and continually check your network for malware and other hacker delights. Early detection could save you a lot of money. Finally, build an IT plan so that, should your network ever be compromised, you can react as quickly as possible.
My passion is to make my mark on the world in a positive and lasting way. I want to set an example for my son that his father can compete with integrity in today’s world, be very successful, and leave the world a better place for him.
Combining my technical/business-based education with a long career steadily progressing up the corporate ladder, I decided to build a company that held true to my values. So, I founded and designed the next generation of IT support firm: CTECH Consulting Group Inc. We are a completely automated, cloud-based IT company designed to compete against any other IT firm without the overhead. We promote a lifestyle to all our staff where they can work anywhere, at any time, access any information on any device that is relevant to their job, and collaborate with anyone they want to.