Sujosu Technology

Top Security Threat - Phishing

Updated: Nov 18

Phishing is a type of social engineering attack that uses fraudulent emails, text messages, phone calls or websites to trick people. Attackers usually pose as trusted entities to dupe users into sharing sensitive and personally identifiable information, downloading malware, or otherwise exposing themselves to cybercrime or cyberfraud.



A phishing attack can occur in one of several ways. Spear phishing targets victims with customized messages, often appearing to be from colleagues or close acquaintances. In vishing (voice phishing), attackers use phone calls to extract sensitive information under the guise of legitimate requests. In smishing (SMS phishing), attackers send text messages urging victims to take immediate action, such as clicking a (malicious) link to track an undelivered package.

According to the “2023 Mid-Year Cyber Security Report” by Check Point Research, phishing was one of the most common methods for spreading malware. IBM’s “Cost of a Data Breach” report stated that phishing is the most common data breach vector, accounting for 15% of all breaches.


Impact

  • Victim organizations may incur significant financial losses, as attackers can steal credentials or send fake invoices to dupe people.

  • Sensitive data may be leaked owing to phishing attacks, causing loss of confidentiality.

  • Organizations may suffer from downtime and loss of productivity. If attackers are successful, they can install malware, which may cause system outages and other business disruptions.

  • Phishing attacks may damage an organization’s brand image as attackers can send out spam or other malicious emails posing as the organization’s representative. This may lead to loss of customer base.

  • A breach of sensitive data or personally identifiable information owing to phishing attacks may expose organizations to litigation.


Controls

  • Organizations should implement a comprehensive security policy.

  • Anti-phishing tools and techniques should be implemented and updated at regular intervals. These may include multi-factor authentication, anti-malware, spam filters and email security software, web filters, and endpoint security tools.

  • Users should have limited access to critical systems and data. Privileged access should only be granted on a need-to-know and need-to-use basis.

  • Users should be provided with continuous training on how to prevent, identify, and report phishing attacks.


How Sujosu Can Help

Sujosu Technology can help you identify areas of concern and assess your application and infrastructure security risk. Our consultants can suggest appropriate countermeasures and provide awareness training to prevent, detect, identify, and recover from security attacks. Engage with us and remain cyber-secure.
