With 2021 being a record year for cyber attacks, the writing is on the wall; companies need to invest in cyber security to prevent an attack. But with the sheer volume of attack vectors, it’s important that companies are aware of the most common attack types in order to prioritise their spending.
Ransomware has seen a significant increase of nearly 15 percent in the past year – partially spurred on by the growth of ransomware-as-a-service (RaaS) via dark web marketplaces, but phishing is another longtime threat (first being seen in the mid 90’s) that companies need to defend against.
Throughout the past few decades we’ve seen phishing continually develop in complexity and campaigns designed to take advantage of current events. For example, during the COVID-19 pandemic, phishing emails were sent encouraging recipients to enter personal credentials for access to COVID-related information or services. These phishing emails can be incredibly convincing and the sheer volume means that companies that aren’t doing enough to protect themselves are a ticking time bomb.
Here are some critical steps to protect your business from phishing attacks:
- Implement cybersecurity awareness training with your employees and teach them how to spot and react to phishing attacks.
- Use programs like XSurfLog to detect and protect against malicious phishing links.
- Utilise a company password manager to ensure strong, unique passwords are being used.
- Institute advanced email filtering to reduce the amount of phishing emails landing in inboxes.
- Implement MFA anywhere and everywhere possible, preferably with a physical token such as YubiKey.
- Consider getting cyber insurance to protect your company should an attack occur.
We’re here to support your business to avoid falling victim to a phishing attack by providing cyber security awareness training, technical controls, and more. Contact us today to learn more about how we can secure your organisation.