Your Employees are Clicking Phishing Links – Your Business May Not Survive

Since the invention of email, we’ve become very accustomed to receiving lots of junk mail every single day, but you may not be aware of just how bad it’s gotten. Today, 85% of all emails received are considered spam. Some of these emails are just irritating, but others are much more dangerous than that. 


Currently, 14.5 billion spam emails are sent out every single day. Spam emails are just irrelevant or inappropriate messages sent to a large number of recipients. However, phishing emails are much worse. These fraudulent emails are sent with the intent to steal personal information, and there are at least 3 billion of these sent every day. There could be many more phishing emails that go undetected or unreported. 


Phishing attacks include money scams, like “get rich quick” schemes or fake charity donations. They also include address spoofing (using what appears to be a legitimate email address to send malicious content), malware warnings, spearphishing (highly researched attacks that target single organizations), extortion, and credential harvesting.


The real cost of phishing can go far beyond an attack on a single individual. Phishing is often the first step of a much more sophisticated attack. More than half of all phishing emails contain malware, and there are currently 184 million ransomware attacks per year, a number that is growing rapidly.


Ransomware has hit very big businesses, as in the attack on the Colonial Pipeline in early 2021. This ransomware attack locked down equipment and caused a halt in the supply chain and a huge fuel panic.


Phishing emails and ransomware can cost every business, large or small. These attacks obviously cost businesses money, but a successful ransomware attack can also cause a business to fail completely. These emails also cost businesses time, as it takes an average of 83 hours for IT teams to uncover malicious emails. They cost customer retention as well: customers may need to be notified of a breach, and 70% will stop shopping with a business after a data breach. Finally, phishing emails cost businesses productivity. Apps like Teams and Office 365 can be used to infiltrate networks, and the average employee spends 28% of their day filtering and screening emails.


Phishing emails can be easy to overlook. They’re crafted to seem legitimate. In fact, one in every 25 branded emails is actually a phishing attack, and 19.8% of employees click phishing links. If an individual or business falls victim to a phishing attack, there’s very little that can be done. Only 3 in every 100,000 cybercrimes are ever prosecuted, and 1 in 3 people have no idea how to secure their data.


There are 4 main steps to securing emails and data. The first thing businesses need to do is to establish an employee training program, as 85% of scams involve human error and only 57% of offices offer regular cybersecurity training. The second thing is to verify all invoices and payments. Fifty-four percent of attacks involve credential harvesting. The third thing is to keep an eye out for discrepancies. Fifty-one percent of attacks are too advanced for regular protection programs. The fourth thing to do is to invest in email security programs. Forty-three percent of all businesses do not have a cybersecurity plan, and 25% of phishing emails bypass default security.


For businesses large and small, the defense must be stronger than the attack.