Cybersecurity terminology can be confusing and complex. At Trava, our goal is to demystify this world and provide you with the tools you need to keep your organization and your data secure. We break down some of the most important terms in cybersecurity, such as phishing, endpoint protection, threats, vulnerabilities, and risk.
What Are “Phishing” Attacks?
A new email just popped into the inbox of one of your new hires. It looks like a request from you, the boss, for them to click on a link and log into the company network. The new employee, ever eager to please, quickly does so, entering their username and password in the process. Done. Your company was just the unknowing victim of a phishing attack.
It’s that simple. You never sent that email. Rather, a hacker posing as you was able to direct your new hire to a custom website meticulously designed to look like yours. Here, the new hire unknowingly entered their full username and password directly into a hacker’s database. Now, the criminals responsible can use that information to breach your organization or sell it on the dark web to the highest bidder.
Phishing is one of the most widespread and insidious cyber attacks today. Nearly 50% of all phishing attacks successfully compromise accounts. Phishing attacks made up about 20% of all data breaches in the past year, costing, on average, over $4 million per breach. One reason phishing is so widespread is that it is cheap and easy to set up. All an attacker needs is an email server and a basic website with a form. They can then send out thousands of these emails at once, casting their bait and hook into the sea of online users and hoping for a few bites.
The other reason phishing is so common is that it strikes at the weakest link in most organizations’ security postures: people. Phishing falls under a category of cyber attacks known as “social engineering,” a fancy way to say that these criminals focus on hacking people instead of machines. This is often the easier approach, and criminals are always lazy. Many organizations have installed firewalls, and anti-malware software has become ubiquitous in modern IT infrastructures. However, to this day, most employees still lack the basic training necessary to know a phishing scam when they see one.
Don’t Take The Bait, Use Trava
As part of our comprehensive security platform, Trava provides a Phishing Simulator. Our Phishing Simulator enables you to send your own test emails to your employees to see how well you have trained them to recognize phishing. Because you don’t tell your employees beforehand, they won’t know what is coming, and you will get a more realistic result. Some of your people won’t click on those links, while others may. You will then know which departments or individuals need additional training and can close up those vulnerabilities.