Phishing attacks aimed at stealing legitimate user credentials have been used in the past 24 months to compromise 45% of UK organisations, according to research on behalf of cyber security firm Sophos.
Phishing is a form of fraud in which an attacker masquerades as a reputable entity or person in email or other communication channels. The attacker uses phishing emails to distribute malicious links or attachments that can perform a variety of functions, including the extraction of login credentials or account information from victims.
Although the number of small businesses that have been compromised by this type of attack is lower, at 36%, it continues to rise as attacks become more sophisticated, with social engineering being used to manipulate employees into handing over customer data, account credentials or private business information.
Social engineering is an attack vector that relies heavily on human interaction and often involves manipulating people into breaking normal security procedures and best practices in order to gain access to systems, networks or physical locations, or for financial gain.
Adam Bradley, UK managing director at Sophos, says: “Given the frequency of these attacks, organisations that don’t have basic infrastructure in place to spot people engaging with potentially harmful emails and whether their systems are compromised are likely to encounter some really significant problems.”
Businesses should ensure that spam filters are set up on all their email clients, that anti-virus and anti-malware tools scan all incoming attachments before employees open them, and that cyber security tools are in place to stop ransomware even if malicious links are clicked.
Our IT support service covers all these areas, and includes a cyber security briefing for your employees to explain the current threats, what to look for and how to effectively deal with them.