What is Phishing?

December 2019 | Michael Wetherald

Phishing is a cyber attack wherein an adversary sends a message to a victim intending to deceive the victim into disclosing sensitive information. Frequently this tactic is used by criminals to fool victims into disclosing financial information, or credentials for services which might hold valuable information.

Phishing Is An Increasing Threat

Recent reports indicate phishing attacks have become more common than malware. As companies invest millions of dollars in expensive technical solutions to prevent security breaches, the underlying risk of users mistakenly granting access remains.

In February 2015, the health insurance provider Anthem suffered a major data breach caused by a successful phishing attack. This involved the theft of Personally Identifiable Information (PII) of up to 78.8 million current and former customers, and a total cost estimated to exceed $100 million.

How Is It Done?

The goal of a phishing attack is to deceive the recipient into believing the contents of the phishing message include something they want or need. It may be a time sensitive warning from their bank, or important information regarding their responsibilities at work. Something they desire is hidden behind a link to click, or file to download.

How Can You Address The Threat?

Because companies need to balance security restrictions and the freedom users need to efficiently perform their duties, users often need the ability to download and open files without interruption. For the same reasons, there are typically no automated technical solutions in place to prevent the users from opening a web page and typing in their credentials.

The good news is, there are strategies available to find a proper balance of security and functionality. This includes:

• Implement contingencies to mitigate the damage when a user inevitability falls prey to a phishing attack.
• Have your employees take part in Security Awareness Training.
• Run simulated phishing campaigns against your users to help determine how likely a phishing attack is to succeed, and who might need additional training.

Viam Technologies Can Help

We can help you explore strategies for protecting your organization from phishing attacks. We offer an entertaining Security Awareness Training program, and can run automated phishing campaigns to keep your users on their toes. We’re also happy to sit down with you to make sure you are doing what you can to mitigate all of the common cybersecurity risks facing your organization. Finding the right balance between security and functionality is key. Contact us today for a free consultation.