According to a survey from Barracuda, phishing—and particularly spear phishing—has become a lucrative art. The attackers also do not discriminate based on company size. Email remains one of the most widely used business communications tools, as well as one of the most commonly targeted threat vectors.
“Whether you are a mid-sized business with limited staff and resources, or a 10,000-employee organization with a dedicated security team and budget—we are all feeling the impact of these attacks,” said Hatem Naguib, senior vice president and general manager for the security business at Barracuda. He noted that criminals are taking the time to personalize the messages, crafting them to be compelling and convincing.
The survey showed that more than half (56%) of those we questioned admitted to being targeted by cyberattacks, with 84% of those admitting their organization felt a significant impact as a result. In fact, on average, organizations had been targeted by cyberattacks five times, with 43% targeted more than five times.
An earlier Barracuda study found that 92% of people surveyed are concerned about ransomware hitting their organization, and nearly half, or 47%, of respondents had been a victim of ransomware already.
The effects of an attack are not limited to the organization itself. More than three in 10 of those we questioned admitted that their customers (35%) and even their employees (32%) had lost faith in their security because of an attack. Perhaps most shocking from a global perspective, around one in five report a temporary closure of business (21%) or a loss of customers altogether (17%).
These figures become even more surprising when assuming that the bigger the company, the larger the security budget.
“Having a sizable security budget isn’t enough to make you immune,” said Naguib. “After all, it doesn’t really matter how much money there is in the budget when the majority of threats are still infiltrating organizations via email. This point brings us back to the very important notion that the most effective security plans include a combination of people and technology.”
Specifically, given that human error is at play, organizations must be prepared with a layered security strategy. That could include spam protection and malware filtering at the gateway, advanced threat protection and sandboxing technologies, and dedicated spear phishing solutions designed to stop highly-personalized attacks.
I will tell you I do not click on any link I do not know. When I see an e-mail from a friend that usually never e-mails me a link I delete it. Being very careful helps a lot!