How to Reduce the Risks of a Phishing Attack

    By Jed Morley, Senior Cyber Security Analyst

    Organisations today are facing an increasing amount of complex cybercrime while being left vulnerable for a multitude of reasons.

    A recent government survey shows that in the last 12 months, 39% of UK businesses identified a cyberattack. What’s more, among that 39%, the most common threat vector was phishing attempts (83%). Given most compromises began with someone clicking on a link or opening a file that had been infected, cyber protection for your business is more important than ever.

    Falling for phishing attacks can have severe consequences for your business, including loss of money, stolen intellectual property, data exposure, disruption of operational activities, not to mention damage to your company’s reputation. Often the harm can be irreparable.

    In many cases, traditional approaches to IT security are not a sustainable way to tackle the modern threat landscape organisations are facing. As technologies advance, so does the threat to your business. The key question is, why exactly could your organisation be vulnerable to phishing attacks right now?

    What is Phishing?

    Phishing attacks seek to steal or damage sensitive data by misleading people into disclosing personal information. Scammers disguise themselves as trustworthy sources to gain access to all types of sensitive data. Phishing is the fastest way to compromise a system, and an attacker needs little more than a mobile phone or an email address and malicious intent to start harvesting information.

    It’s part of a technique called Social Engineering, a method of gathering information through manipulation or of gaining access to systems holding sensitive information. Whether it’s a post on social media that promises free products or a message convincing you that a parcel was missed, bad actors rely on victims trusting that a source is reputable and, as a result, disclosing valuable information. These groups craft their emails to look genuine, even down to the email address they appear to come from.

    Why your Business is Vulnerable to Phishing

    As organisations evolve and cloud technologies become increasingly commoditised, businesses often lack in-demand skills in-house to keep up with advancements, leading to a gap in awareness of current trends, particularly when it comes to cyber security. A 2022 cyber security report found that a key contributor to cyber security risks is a lack of awareness about what threat intelligence is, particularly in organisations that do not have a specific IT or cyber security team.

    The same report cited that a shortfall in board level expertise presented a significant barrier to driving the right action in terms of an organisation’s overall cyber security approach. Another challenge for security teams is getting sufficient funding to improve cyber security maturity, especially when competing for budget against other business demands.

    Without a skilled team or adequate tooling in place, you leave your business exposed to phishing attacks, and that exposure can be amplified without sufficient buy-in at C-level.

    Awareness is key

    Helping your people to understand what cyber security is and why it’s important, and making them cyber aware, could be the difference between a close call and a security nightmare.

    Key things to train your people to look out for are: what address did an email come from? Does the email make sense? Are there spelling mistakes or poor language? Is the request unusual? Does it ask for a payment? Does it appear to be coming from a leader in the business?

    Hovering over links in an email is another great way of sense-checking whether it is legitimate, as a common trait in phishing is masking links to make them look safe to click.

    Awareness is key to identifying any phishing email, so educating users should always be the first step for any business.

    How Secure is your Business Really?

    Even if you think you are the cyber security equivalent of Fort Knox, it’s best to review your current security posture to understand your security capability against industry best practices.

    This will help to identify areas of strength and those in need of improvement to protect your intellectual property and improve overall cyber security resilience against an ever-changing threat landscape.

    You can do this in-house or ask a team of experts to review it with best practice in mind. It comes down to assessing whether your cloud environment is as secure as you want it to be.

    Protect before it's too late

    Phishing can be concerning, and bad actors are only getting more sophisticated with their techniques. A defence suite that is trustworthy, reliable, and secure by design, with components such as email security services and malware protection, correctly identifies more advanced methods. Once you know how to improve your security posture, give your business more control by investing in modern threat surveillance, to give your people and customers peace of mind.

    We’re running a series of cyber security workshops designed to help you understand your security posture and how to improve it.

    Shadow Hunter is an immersive online workshop hosted by BJSS that puts your team into an intense, real-world security breach simulation. In this workshop, your team will gain hands-on experience with Microsoft products and put their cyber security knowledge to the test.

    We’re also running a Defend Against Threats with SIEM Plus XDR workshop. As part of this workshop, our security experts will partner with you to strengthen your organisation’s approach to cyber security, and help you better understand how to prioritise and mitigate potential attacks.

    The potential impact on every organisation as a result of phishing attacks requires end-to-end protection, and BJSS is committed to ensuring your organisation is protected and supported.

    Contact us to see how we can support you and your customers.