American companies and individuals paid $325 million in ransomware in 2015 and attacks are on the rise. Ransomware has been detected on 753,684 U.S. computers and is one of the biggest threats to businesses of all sizes in 2017 and beyond.
Ransomware is only one type among the more than 200,000 new malware samples being discovered every day. A new major zero-day (as in zero warning) vulnerability is being found at least every other week.
How are Criminals Infecting Us with Their Malware?
Email continues to be the #1 attack vector for criminals, and most major attacks begin with phishing attacks. Employees click on malicious email links and are asked to provide confidential information, or they open malicious attached documents and become infected. Infected computers may contain ransomware (encrypting your data) or may be the beginning of a larger attack to steal data from your company’s network.
How serious are criminals? Over 100,000 new phony phishing websites were created each month in 2016. Each one of these websites represents a separate attack effort (per APWG). These phony websites impersonate approximately 350 new legitimate brand sites each month, making it difficult for employees to know what to believe.
A recent study by Verizon showed that 13% of all people will click on a phishing email link or attachment and that 10% of phishing incidents result in a data breach.
So, What Can You Do to Reduce the Risk?
Companies absolutely need the best overlapping core security, including endpoint, email, Web security and security monitoring. A multi-factor authentication solution is a must since passwords are typically what get compromised by phishing attacks. Risk assessments to determine your weakest links and security gaps are also essential.
But for most companies, your biggest risk is your employees, including your management team.
The Answer: Security Awareness Training & Phishing Simulations
Phishing and social engineering target your weakest link, your people, and attempt to exploit their human tendencies.
The minimum ante for security must now include security awareness training and phishing simulations.
What you get with these solutions is:
- On-demand online training for each employee
- Retention testing so you can check compliance and progress
- Periodic customizable phishing simulation testing
- Management reporting
- Security awareness training aids
The good news is that every company can afford this type of solution. And conversely, no company can afford to not add security awareness training and phishing simulations to their security program. It is as vital as a firewall and antivirus, and it is quickly becoming just as heavily deployed by companies.
Contact us today to see how we can help you solve your employee security risks. We provide these solutions both managed and unmanaged for your convenience.