Most likely due to their sharp focus in making their small- and medium-sized businesses (SMBs) grow, business owners and managers are likely to view email only as a communication tool. That is, they tend to not think about the dangers of using email — or if they do, they just shrug these off as the problems of much larger corporations.
If only these owners and managers were aware of what’s going on with email security these days, then they’ll probably have a different line of thinking. Here are but some of the latest statistics and facts that will paint a clear picture for them.
30% of small organizations recognize phishing as a top threat
In a phishing attack, threat actors pretend to be trustworthy persons or firms and send out fraudulent emails. This is very much like how fishers cast nets with lures hanging from hooks strewn along the mesh, which is why phishing sounds like “fishing.” While not every recipient opens the email, some do so out of curiosity, fear, and a sense of urgency.
|Emotion evoked||Sample email subject line|
|Curiosity||"Secrets to losing fat without exercise"|
|Fear of present day threats||"Uptick in COVID-19 infections in your neighborhood"|
|Sense of urgency to follow what appears
to be a legitimate command or request form a
superior or business partner
|"Pay an overdue invoice to the supplier's new account"|
Those who do open such emails are often duped into entering their access credentials in login prompts of spoofed websites or downloading bad attachments. These attachments contain malware that exfiltrates data, logs keystrokes to steal passwords, or locks users out of their machines unless they pay a ransom.
According to Verizon’s 2020 Data Breach Investigations Report (DBIR), 30% of the small firms in their survey identified phishing as their top threat. This simply means that email-based threats that target SMBs are actually widespread and businesses need to guard against these.
Some parts of the country saw a 600% uptick in phishing scams
In its report, NetSTAR stated that from February to May 2020, cybercriminals scaled up their phishing efforts by focusing on Americans’ anxieties about COVID-19. Fraudsters pretended to be from the WHO, FDA, CDC, and other trusted institutions. They claimed that they had the latest information on the state and federal guidelines, how to beat the disease, and where to get the cure for it (when none yet existed).
At a time when misinformation is rampant and public health is politicized, SMB owners and managers must lead their organizations to become hypervigilant against COVID-19-themed phishing scams.
At 1,425% ROI, cybercrime pays
SMBs don’t often allocate resources to cybersecurity, making them especially vulnerable to ransomware attacks and data breaches. Companies that fall victim to ransomware often choose to pay the ransom instead of suffering losses due to protracted downtime. Data breaches are also profitable because certain types of data, such as credit card details and health information, fetch considerable sums on the dark web.
In short, cybercriminals have enough incentive to victimize even small businesses. While SMBs may not be able to cover as many bases as large enterprises can, SMBs can prioritize addressing top threats, such as phishing.
To do this, they only need to turn to Graphus. Graphus’ EmployeeShield® uses artificial intelligence to:
- Create trusted email profiles of employees and who they communicate with
- Identify irregularities that may be signs of phishing
- Continuously learn from legitimate user interactions and feedback to better flag emerging threats
Because of these, Graphus can block potential phishing scams, even the ones that manage to get through the filters of Google and Microsoft. And because this cybersecurity solution is cloud-based, there is no new hardware or software to install and manage. Within minutes, you can deploy it and go back to business as usual.
See Graphus in action for yourself — try our FREE demo today!