For many years the media has been flooded with articles about phishing: how it is a threat, how to prevent it, and which unlikely victims just got breached. Many people are so desensitized to reading about phishing that they tune it out. This raises the question: just how long is phishing going to be around? Will it ever go away? How big of a threat is it?
Will phishing ever go away? The short answer is, unfortunately, no. At least not anytime soon. As long as email remains a primary way people communicate, there will be people who try to abuse it.
What is Phishing?
Phishing is a fraudulent attempt to obtain sensitive information such as usernames, passwords, and credit card details by disguising oneself as a trustworthy entity in an electronic communication.
According to CSO Magazine, what really distinguishes phishing is the form the message takes. The attackers masquerade as a trusted entity of some kind, often a real or plausibly real person, or a company the victim might do business with. It’s one of the oldest types of cyberattacks, dating back to the 1990s, and it’s still one of the most widespread and pernicious, with phishing messages and techniques becoming increasingly sophisticated.
Why is Phishing So Prevalent?
Phishing is prevalent because it still works. A sizable number of organizations, if not the majority, continue to have weak patching processes in place, which lets malware easily take hold. Robust security awareness training is not embedded in every company’s operating procedures. Multifactor authentication is still not used everywhere, which makes a stolen password very useful. Email domains are still easily spoofed because mail from them is not signed by the domain owner.
The phishing threat has always been, and always will be, about economics. Attackers will continue to use phishing as a way to distribute malware or gain access to systems. They’ll keep doing this until phishing is no longer effective or economically beneficial. Despite all of the compromises in recent years due to phishing, it’s still around, because it still works, it’s easy, and it’s profitable.
How Big of a Threat is Phishing?
How big of a threat is it? Phishing has been, and still is, a primary way for all kinds of badness to happen to you on the Internet. Many, if not most, malware infections come from either a malicious attachment or a user clicking on a malicious link. Users continue to get tricked into providing login credentials on phishing sites. Malicious actors convincingly impersonate someone else, place fraudulent orders, and even get people to send fraudulent payments.
Key Takeaways for Your Business
Tom Northrup said that “all organizations are perfectly designed to get the results they are now getting. If we want different results, we must change the way we do things.” As an organization, the best thing you can do is make yourself better prepared than the organizations around you. Take a moment to think about this threat. How would your leadership or board see a major compromise? What could you have done differently? Act now to assess your controls. Use best practices to secure your environment and your users. There is no way to eliminate this threat, but you can actively manage it. Do it now before it’s too late.