Phishing scams are becoming ever more sophisticated and some companies are struggling to keep up – especially those without access to cybersecurity resources, insurance, and risk management.
Organizations across the world have acknowledged the people problem in cyber, but are still finding it difficult to address effectively. Phishing attack training has reduced the average click rate on malicious emails to around 9-10% – but that still leaves, on average, one out of every 10 people falling for a phishing scam.
“We need to focus on people patching and the human firewall,” said Anthony Dagostino, global head of cyber risk at Willis Towers Watson. “This requires more effective training and awareness campaigns to make sure people aren’t clicking on things. Hackers know people are vulnerable and they will continue to prey on people in this way.”
In line with the ever-evolving cyber threat, phishing scams are also becoming more and more focused – and dangerous. A trend called whale phishing is on the rise, where hackers target high-profile, wealthy or prominent individuals (aka ‘big phish’) because of their status.
“We will see more whale phishing in 2018, where cybercriminals will target individuals based on things like their LinkedIn or Facebook profiles,” Dagostino told Insurance Business. “General counsel, chief financial officers, and even board members are being very specifically targeted just for hackers to get the certain information they have.
“It doesn’t necessarily have to be for a data breach – it’s really corporate espionage-driven. They either want to get information on an upcoming acquisition, or future business plans that they can use for insider trading.”
Criminals are also taking advantage of whale phishing to transfer funds. Corporate espionage and funds transfer fraud are two threats likely to “really emerge” next year, Dagostino added.
Read the full story over at Insurance Business Canada.
This story was summarized by Canadian Fraud News Inc.