Would you be able to identify a phishing or whaling exercise if it were to arrive in your email box? Would your CFO, Finance Manager, Accounts Team or Directors be able to identify a fake email?
The Cyber Security Intelligence Index from IBM has revealed that more than 90% of all security incidents involve some form of human error – from following (malicious) links to phishing scams to visiting bad websites, enabling viruses and falling victim to other advanced persistent threats.
Approving a payment request or changing a supplier’s bank account details are ordinary business activities; however, in today’s environment such a small task can have significant impacts on a business.
According to research by Kaspersky Lab and B2B International (in 2017), the financial impact of attacks caused by phishing or social engineering for SMBs was $101,000 USD.
Unfortunately, there is no single silver bullet or solution that can completely prevent businesses from falling victim to such attacks. However, the good news is that business risks can be reduced and mitigated through a combination of People, Process and Systems improvements and overall cyber awareness.
People – Regardless of the size of your business, each employee should be aware of their Cyber responsibilities. The Executive and Management team should support such responsibilities, and overall cyber awareness throughout an organisation. Employees should be supported with training activities that assist in reinforcing and continually motivating them to be aware of Cyber threats and applicable counter-measures.
Processes – When was the last time your organisation reviewed their banking and payment processes and procedures? What other risk mitigation strategies have you as an organisation put in place?
Ideally, an organisation should be continuously evaluating its processes to identify those that are (potentially) vulnerable. Following such a review, mature these processes to reduce the risks associated with day-to-day activities (for example, making payments or changing bank account details). Such processes should include a second check, or second factor, that validates that a bank account change request or payment originated from an authorised party.
Systems – Systems provide a level of protection against such attacks; however, they do not provide 100% detection rates. Solutions such as Email Security Gateways and Edge Protection solutions nonetheless significantly reduce an organisation’s attack footprint and reduce the likelihood that a person is presented with the socially engineered attack in the first place.
How can Secure-ISS assist?
If you would like to look at further maturing your Cyber awareness frameworks or overall business processes, then please get in touch. If you would like to gauge how Cyber aware your business is, Secure-ISS can complete (approved) phishing exercises to determine how vulnerable your organisation is to potential social engineering attacks, and thereafter implement mitigating strategies such as training activities or cyber counter-measures.