Phishing is incredibly common, yet most people feel it has gotten harder to spot in recent years. Cyber criminals rely on their knowledge of human psychology to make you do things you wouldn’t normally do. They also know that if they scare you enough they can manipulate you into doing what they want you to do. Unfortunately, businesses spend a lot of money cleaning up phishing attacks, so prevention is crucial. Can training employees better prevent phishing attacks from taking place?
Phishing Is Incredibly Common
In 2018, 83% of people and 64% of businesses received phishing emails or were attacked. About half of hackers know full well that finding and exploiting a security flaw in a program or firewall is a lot harder than exploiting human nature, so they go after what’s easiest – you. Emotional exploits more than doubled between 2013 and 2018. These exploits usually look like something that would need your urgent and undivided attention were it true: subject lines like “Toll Violation Notice,” “Invoice Payment Requested,” and even “Updated Building Evacuation Plan” play off your sense of urgency and even safety.
Hackers know that if they can get your attention and give you even the tiniest moment of panic, your reptilian brain will take over and try to fix the problem as quickly as possible. When you are panicked, you are less likely to be able to think clearly and more likely to make mistakes. If you can click a link and input your credit card information to make it go away, that seems relatively low risk when you are already on edge. Hackers know this, and that’s how they exploit you.
Phishing Emails Come Every Day – You Just Don’t Notice
According to at least one estimate, 384 billion emails are being sent on a daily basis, and some 85% of them are spam. We don’t see that many, though, because of the extreme lengths email service providers go to in order to keep them out of our general inboxes. This lulls people into a false sense of security, making them believe they aren’t receiving spam or phishing emails at great volume every day. As a result, when one of them does break through the filters and land in the regular inbox, it’s that much harder to recognize.
Phishing Is Expensive
Businesses lose an average of $2 million for each successful phishing attack they fall victim to. This is due to the cost of cleaning up the attack, which is also difficult and time-consuming, as well as the cost of reputational damage, which can be ongoing. A third of consumers will stop using a business after a data breach. Unfortunately, 72% of employees report that it has gotten more difficult in recent years to spot a phishing attack, which means that better training is needed to stay on top of hackers’ latest methods.
Training Plus Tech Can Prevent Phishing
Obviously, your first line of defense against phishing attacks is going to be tech-related. Email filters and cyber security will keep the majority of phishing emails at bay. But for those few emails that do make it through, better staff training can help catch them.
Employees often are instructed to forward suspicious emails to the IT department, but only a small percentage of those forwarded emails are actually malicious. Giving employees feedback about how well they are doing can help them learn to spot suspicious emails better and faster.
Three quarters of hackers say they are rarely impressed with an organization’s security measures, but that doesn’t have to be the case. Roughly half of information security professionals believe that training has reduced the success of phishing attacks within their organizations. Training employees to spot attacks, giving them feedback about their accuracy, and giving them access to the tools they need to be successful can do more to stop hacking than traditional methods.
In 2018, 93% of phishing attacks weren’t because of faulty software that hackers were able to penetrate – they happened as a result of phishing emails and human error. Training employees to spot phishing attacks has never been more important than it is right now. Learn more about the importance of employee training to stop phishing attacks from the infographic below.