90% of all security attacks start with phishing. A successful phishing attack is just the beginning of your problem. These types of attacks are often used so the hacker get a foot in the door, and later can execute bigger attacks.
From Hollywood movies we often see extremely dramatic attacks, someone who breaks a difficult code or enters a building through the roof. In real-life, that is not how attacks go down.
Cybercriminals care about security and ROI, just like most businesses do. Sending an email is a lot safer and far more profitable than most other methods. The average time it takes before the first click in a phishing-email is 100 seconds. That means that in less than two minutes, the hacker knows whether the attack has been successful or not.
The most known method is probably fake links, but email has become far more flexible over the years and phishing-attacks now use a series of methods other than fake links. Social engineering is a method where the cybercriminal use technology to reach humans and try to gather personal information.
We are all social beings and happily share information about our company online. This can be abused by the hacker. They can figure out when a company attends trade shows or how the boss speaks through reading quotes and learn their wording. This is information they utilize when they carry out attacks.
A fourth method cybercriminals use is leakage of sensitive information. This does not necessarily happen because the hacker is interested in the information, even though industrial espionage also happens, but because they are interested in the information that is valuable for us. If the hacker gets hold of sensitive information, he/she can later use this in a ransomware attack.
To protect oneself from an attack is a lot harder than to carry it out; after all, the hacker only has to succeed once while the company has to stop the hacker from succeeding every single time. Even though phishing might seem as a more harmless form for attack, it is often the first step of a bigger attack. Your company’s best chance of stopping it from happening, is to stop them early on.