Phishing is a much greater danger to companies than malware and should be recognised as a more potent threat – according to one cyber security expert.
Respected cybercrime journalist Graham Cluley has warned businesses that focusing too much attention on preventing malware attacks could cost them in the long run, as they’re more likely to fall foul of a phishing scam instead.
Survey data appears to back up Cluley’s claims, with more than twice as many attacks reported by UK businesses in the past 12 months being attributed to phishing scams rather than malware (at 48% and 22% respectively). In fact, even when combining the number of malware attacks with issues that arose from unpatched systems, the two only accounted for 41% – still lower than phishing alone.
The reason phishing scams are more prevalent (and indeed more successful), Cluley argues, is that they can be deployed at scale for relatively little cost and effort. For example, a cybercriminal could create a single email that requires users to input sensitive information, then send it to as many people as possible across numerous organisations. This is significantly more straightforward than creating an entirely new piece of malware from scratch, then trying to get it established on victims’ devices.
To combat phishing scams, Cluley implored business owners to warn staff members about the dangers of opening third-party emails – even if it means having a warning message pop up every time a user clicks through on an email that originated from outside of the company.
Additionally, two-factor authentication could be rolled out to mitigate the impact that any data breaches would have. After all, even if a cybercriminal gets access to a user’s email address and password, they still won’t be able to log in if the process also requires inputting a code that has been sent via text message, for example.
“Phishing may not be the sexiest threat out there,” Cluley concluded, “but do not underestimate its seriousness – and the impact it could have on your organisation if not treated with respect.”