A recent report compiled by Verizon analyses around 80,000 security incidents that took place in 2014.
The report found that 25% of companies that received a phishing email were likely to open it. Phishing is defined as the attempt to acquire sensitive or private information, such as passwords, credit card details and usernames, by masquerading as a trustworthy source.
For example, you receive an online banking email that asks you to log into your account. When you follow the link, it takes you to a fake website that looks very similar to the online banking portal but records and steals any information that you enter.
Bob Rudis, lead author of the report, stated: “Training your employees is a critical element of combating this threat.” Teaching staff to spot fake messages could reduce the number of victims from one in four to one in twenty, he said. Showing workers the tell-tale signs of a phishing email can turn them into another line of defence against hackers.
He went on to say that more than 99% of vulnerabilities exploited in data breaches have been known about for over a year, and some have been around for over a decade. A good regime would help companies to protect themselves against most vulnerabilities.
When analysing these data breaches, the report found that in many of the cases it had taken less than two minutes from a phishing email being sent to catching its first victim. Half of the victims had clicked on the message within the first hour of it being sent.