When I was an Information Security Manager, it was my team’s job to keep our networks and data safe from bad actors who wanted to compromise them. We put in state-of-the-art systems and tools, stayed up to date on all the latest trends and threats, attended security conferences, and worked with ethical hackers. We even hired a security consulting team that would, twice a year, try to breach our systems to assess how well our security mechanisms worked. And they confirmed what we already knew – our systems were super secure, and the security team was at the top of their game.

Curious about how the security consultants finally breached our organization?

They sent a group of our employees a phishing email to renew their license, and one of them clicked the malicious link inside it. When our tools stopped the malware from running, they performed another type of social engineering – they called the employee directly and, while pretending to be someone on our security team, asked her to type a malicious URL into her browser address bar.

How Phishing Impacts Your Organization

Phishing is a type of social engineering done through email that convinces the person receiving the message to click malicious links, download malicious attachments, and reveal confidential information to compromise an organization. Phishing emails are one of the most pervasive threats we face in keeping our networks and data secure and affect every industry, organization, and employee.

Here are just a few phishing statistics[1] according to CISCO’s Cybersecurity Threat Trends Report[2] to put this in perspective:

  • Phishing is responsible for 90% of data breaches
  • 86% of organizations have had at least one person click a malicious link in a phishing email
  • 65% of targeted attacks were spear phishing, which is when the bad actors target a specific person or group of people in an organization
  • When a phishing attack is successful, organizations lost data (60%), had credentials or accounts compromised (52%), were infected with ransomware (47%), were infected with malware (29%), and experienced financial loss (18%)
  • Phishing is the second most expensive cause of a data breach, with an average cost to businesses of a whopping $4.65 million

And the most telling statistic of all? When asked “What is phishing?,” only 52% of people in the United States could answer the question correctly.

Address Phishing With ZenGRC

But it’s not all bad news! It’s clear that effective security awareness programs and security-minded employees are crucial components in preventing breaches. With ZenGRC, you can keep track of your program’s effectiveness to ensure your employees are learning the right information at the right time to keep your organization safe and your data secure. And bonus, you can also ensure you’re staying compliant with your security frameworks! That’s a win-win for both risk and compliance.

Why not give it a try? Register for a FREE live demo to see ZenGRC in action.

[1] Must-Know Phishing Statistics (Tessian)

[2] CISCO’s Cybersecurity Threat Trends Report