The Value of Simulated Phishing Attacks to Organizations

What is Phishing?

On January 2, 1996, the “AOHell” cyber threat struck America Online (AOL), at that time the No.1 internet provider in the country. AOHell was the name of one of the thousands of programs created by hackers to be used for stealing passwords and credit card information by using AOL’s instant messenger and email systems. This would be the first recorded use of a term that now strikes terror into the hearts of all web users: “phishing”.

Phishing scammers make use of email and website spoofing to convince people to freely divulge sensitive information. If you’ve ever experienced phishing, you would know that these emails and/or websites seem legitimate at first glance. This is why unwary individuals end up providing financial or personal information to phishers by clicking on a link or downloading an attachment. These emails usually come in the guise of communication from corporate, banking or financial establishments.

The more notorious examples of phishing attacks include the “fappening” in 2014, where private pictures of famous Hollywood celebrities were exposed to the public; the 2016 University of Kansas case, where employees ended up giving access to paycheck deposit information; and the 2016 incident in which Hillary Clinton’s campaign chair John Podesta revealed his Gmail password.

Consequences of Phishing Attacks on Organizations

Based on the aforementioned examples, the effects of phishing attacks on individuals, companies and other establishments go way beyond economics. Of course, this does not discount the fact that major monetary losses can and do take place.

Other than the possibility of financial ruin, phishing victims also suffer from reputational damage, as in the case of the Hollywood celebrities, and Hillary Clinton who lost to Donald Trump. Institutions that deal with patents, formulas, recipes, and costly research also stand to lose valuable intellectual property to cyber criminals. Moreover, any business that is subject to phishing can lose its own customer and vendor lists, which can then be sold to and used by others.

Phishing Simulations in Organizations

According to 2019 reports, phishing attacks account for 90 percent of data breaches, with business email compromise (BEC) scams responsible for over $12 billion in losses in 2018. To avoid adding to these statistics and becoming a phishing victim, organizations can run phishing simulation campaigns to check:

  • How many employees open the spoof email?
  • How many users click on the spoof email link?
  • How many click on the spoof email attachment?
  • How many users report their suspicions?

Based on the data gathered, INTERACTIVE SECURITY can design and conduct better security awareness training programs and arm your establishment against all attempts at fraudulent access.

Reach out to INTERACTIVE SECURITY today to learn more about simulated phishing attacks against your organization and protect your business in the brave new world of internet hackers! WE’RE HERE TO MAKE IT EASY ON YOU! www.intactsec.com

INTERACTIVE SECURITY, INC. has been at the forefront of providing industry leading expert information technology security services to clients across the globe – focused on IT Security Auditing & Compliance.

*** Stats provided in https://retruster.com/blog/2019-phishing-and-email-fraud-statistics.html combine 2018 and 2019 data ***

Shawn Corrigan

Shawn Corrigan is the President and Founder of Interactive Security Holdings Inc. Interactive Security has grown into a global company offering IT Compliance Auditing services for small to large companies - focused on making it obtainable, simple and affordable. With over 20 years in the BPO and Financial industry working at the executive level, Corrigan has experienced the pitfalls, trials and tribulations of bringing an enterprise organization into IT compliance. Corrigan has designed a methodology geared at guiding clients of any size to successfully achieve compliance and ultimately obtain compliance certification. Corrigan is certified as a FISMA – NIST Implementor, PCI-DSS QSA, HiTRUST Certified Practitioner and HiTRUST Certified Quality Professional, ISO 27001 Lead Auditor and Implementor.