Phishing for information
Posted on 04/22/2016 at 12:00 AM by John Lande
This blog has repeatedly covered risks posed to financial institutions and other organizations by cyber-attacks. Verizon released a report on data breaches in 2015 that confirms the need to focus on the threat posed by cyber-attacks in 2016.
The Verizon report released some startling statistics. The top three industries to be victimized by cyber-attacks in 2015 were the public sector, financial services, and information. One vector of attack remains very popular with cyber-attackers—phishing emails. Hackers will send fraudulent emails to employees with the goal of getting the employee to click on a link that will (1) install malicious software on the employees’ computer, and/or (2) obtain information from the employee by asking the employee to provide usernames, passwords, and other sensitive information. This blog has previously covered how sophisticated these fraudulent emails can be, so employees can be easily duped into opening a fraudulent email.
The statistics on phishing schemes are not encouraging for boards of directors. Approximately 20 percent of phishing email recipients will open the email, and 10 percent of phishing emails will have an attachment opened. While this may be a relatively small percentage of the email an organization receives, this blog previously explained how even a single employee’s conduct can cost hundreds of thousands of dollars.
Data also revealed that 50 percent of phishing emails are opened and their malicious links clicked on within the first hour after the email is sent, and the median time is one minute, 22 seconds. These statistics mean that there is very little time to identify and quarantine phishing emails. As a result, organizations will need to rely on the recipients of those emails—employees—to identify and delete phishing emails.
There is reason to believe that training employees to identify phishing emails works. After rigorous employee training organizations have been able to reduce the number of employees who fall victim to phishing emails to less than five percent.
Human causes of data breach account for 20 percent of all data breaches—the highest source of all data breaches. Financial institutions and other organizations should take seriously the role that employees play in an effective defense to cyber-attacks. Organizations that do not take the threat serious can face dire consequences from a cyber-attack.
The material in this blog is not intended, nor should it be construed or relied upon, as legal advice. Please consult with an attorney if specific legal information is needed.
Categories: Cybersecurity Law, John Lande, Employment & Labor Law, Banking Law
Questions, Contact us today.
The material, whether written or oral (including videos) that is posted on the various blogs of Dickinson Bradshaw is not intended, nor should it be construed or relied upon, as legal advice. The opinions expressed in the various blog posting are those of the individual author, they may not reflect the opinions of the firm. Your use of the Dickinson Bradshaw blog postings does NOT create an attorney-client relationship between you and Dickinson, Bradshaw, Fowler & Hagen, P.C. or any of its attorneys. If specific legal information is needed, please retain and consult with an attorney of your own selection.
