No business is too small to get caught up in phishing
THINK your company is too small to be attractive to a cyber criminal? Or that you're too savvy to get caught out online? In fact anyone can fall prey to fraudsters. And some research suggests that overconfidence can make you more vulnerable.
We're so used to the obvious “Congratulations, you've won the lottery and now please provide your bank details so we can send you your winnings” phishing email, the ones requesting personal information such as banking details, that we know too quickly to dismiss it.
But it's not just specifically crafted emails which fraudsters use to target individuals. Other means of socially engineering people - of duping us - include phone calls, live chats and texts. And they're becoming more adept at using them well, as was evident following the unprecedented - and incredibly public - strike at a large tech company most recently.
You would expect that large organisations would be alert to these kinds of threats, finding it easy to spot and ignore. However, it goes to show that even these are not immune, and the results can be hugely damaging.
Between March and May, LinkedIn saw a 60 per cent rise in the volume of its users searching specifically for remote working opportunities and this has been mirrored by a rapid shift in attitudes amongst workers. This sea-change in attitudes means that as organisations deal with rewriting operational hand books and adjusting to increased levels of remote working, targeting employees remains the single greatest threat.
Working with new technologies, whilst juggling multiple priorities including the increase in conference calls can result in fatigue and our guard can drop.
Fraudsters are alert to this and will not miss a chance to exploit it. One example, emails that arrive late in the day, designed in such a way as to imitate legitimate suppliers or service providers land in your inbox.
Given your familiarity with having received similar emails in the past you think nothing of clicking on the links asking you to download the attached invoice or to confirm your subscription details are correct.
Little did you know that by clicking on that link you've just provided the fraudsters with access to your emails and computer systems. They use whatever leverage they can to exploit the situation, encrypting systems and potentially holding you to ransom, or using your legitimate accounts and information to target your clients, suppliers and customers, often for financial gain.
Organisations need to ensure that their employees are alert to these kinds of attacks, which can have devastating impacts on a business. Regular training and testing of your defences, including assessing how your employees react when they receive suspicious emails, is very important.
You are not going to stop every threat so it is equally important that you have a tried and tested plan in place to investigate and remediate the situation when attacks like this are successful. How you respond can have a huge impact on your business - both financially and reputationally.
The recent high-profile attack was stopped quickly though not before a number of people fell foul of it. And it is the indirect costs to the company of dealing with this type of incident - as individuals and organisations can make claims for compensation - that no company wants to have to face.
:: Ronan Magee is director (digital & forensic investigations) at PwC in Belfast