Email communication is invaluable to modern business, but an overwhelming 85% of all emails are considered spam by user standards. Most spam is merely annoying, but some emails are cloaked, dangerous attacks. Of the 14.5 billion spam messages sent to inboxes every day, 3 billion are phishing emails. While phishing schemes come in many disguises, they all share one common goal: to steal the recipient’s personal information.
Phishing rarely stops after it gets the information it wants. Often, phishing is the opening move in a more sophisticated attack. More than half of all phishing emails contain malware designed to harm your computer in the hopes of extracting money. Because it is global in nature and difficult to prosecute, cybercrime is growing more lucrative every year.
No one is completely safe from cybercrime. Ransomware attacks have reached big businesses, to devastating effect. A fifth of the production at meat processing giant JBS was stopped recently by an organized attack. The US faced a massive gas panic when ransomware locked down Colonial Pipeline’s digital equipment, crippling its supply line. Neither size nor resources guarantee that your company won’t be victimized by cybercriminals.
However, size and resources do help predict recovery from a cyberattack. Many small businesses cannot afford to bounce back after a phishing attack upends their business operations. It can take between 2 and 6 weeks for small businesses to recover from ransomware. Even more damaging is the reputational harm that follows a failure to protect consumer data. Up to 70% of customers may stop shopping at a business after being notified of a data breach. Compound these two facts with the initial attack, and the odds can become insurmountable. More than 60% of small businesses close forever in the 6 months following a phishing attack.
What can companies (of all sizes) do to defend themselves against phishing? Establishing an employee training program is a good place to start. Right now, a depressing 19.8% of employees still click on phishing links when tested. Regular cybersecurity training, while not foolproof, can whittle this number down. Every phishing link not clicked is a crisis averted.
Next, companies should verify all invoices and payments. Many phishing attacks involve credential harvesting, and invoice fraud is a relatively easy way to steal from a company. No matter what other tools a business employs, it should always keep a human eye out for discrepancies. Up to 25% of phishing emails are capable of bypassing default company security.
Finally, email security programs are worth the investment. Advances in AI are helping to block phishing emails before they reach the inbox. The most advanced program allows only 5.1 malicious emails through for every 100,000 emails received, thwarting phishing schemes before they begin.