On average, a cyber attack costs small businesses $53,987. While this is much less than the loss millions medium and large enterprises experience, proportion to size it is substantial. And one of the ways hackers wreak this havoc is using phishing attacks.
So, what does a phishing attack costs your business?
A new infographic from Avanan, offers some great insights into this cyber threat and what you can do about it.
According to the Federal Trade Commission (FTC), phishing is “A type of online scam that targets consumers by sending them an e-mail that appears to be from a well-known source.” The scammers pretend to be an internet service provider, a bank, a mortgage company, or other entities.
The scammers look to gain your trust with these official-looking emails so you can open it. And once you open it, the damage is done.
The FTC has some valuable information on phishing attacks, here.
According to Avanan’s phishing statistics, 1 in every 99 emails is a phishing attack. And this amounts to 4.8 emails per employee in a five-day work week. Considering close to a third or 30% phishing emails make it past default security, the threat is very much present.
The success rate of these attacks has emboldened scammers to launch more of them. Avanan reports an increase of 65% in phishing attacks from 2016 to 2017. And this is a global phenomenon affecting every region and economy.
In 2018 83% of people received phishing attacks worldwide resulting in a range of disruptions and damages. This includes decreased productivity (67%), loss of propriety data (54%), and damage to reputation (50%).
When it comes to the attacks, 2 in 3 phishing attempts use a malicious link and over half contain malware.
Types of Phishing Attacks
There are several different types of phishing attacks, and the type the scammers use depends on their end goal.
The largest form of phishing attacks, at 51%, is a malware attack. With this form of attack, a hidden malware in a link triggers a download. The file then allows the hacker to carry out a range of actions. This includes everything from holding the device hostage to stealing information, spying, and much more.
Credential harvesting is the next type of phishing, and it makes up 41% of the attacks. They impersonate trusted brands with the goal of luring their victims to reveal passwords or payment information. This is followed by extortion at 8%, and spear phishing at 0.4% of the attacks.
The cost is related to the type of phishing attack. The biggest damage comes from spear phishing at $7.2 million, malware at $2.4 million, extortion at $5,000, and credential harvesting at $400 per account.
What Can You Do?
Avanan specializes in securing cloud email, messaging, and file sharing tools from phishing, malware, data loss, and more.
The company recommends businesses to get an email security platform with a tool capable of catching attacks before they reach the inbox. Look for features which include intelligent scanning, full-suite protection, and layered security.
It is important to note it only takes one employee to expose your business to this threat. When they take the bait and click on that malicious link, the damage is done. This is why strict security policies have to be put in place along with stricter governance.
By making everyone in your organization accountable, the security protocols will protect you. It becomes a problem when the protocols are not followed.
As Avanan says, “A secure email is the key to a secure business.”
More Phishing Statistics
Take a look at the rest of the phishing statistics in the infographic below.