Time and Money Phished out of Organizations' Pockets


Time and Money Phished out of Organizations' Pockets

By Greg Tavarez

Phishing is a variant form of cyberattack that all organizations and, hopefully, a majority of employees know about. However, as awareness grows, bad actors are sophisticated enough to adapt new tactics to blend in more easily and have their emails look like an exact clone of one someone might receive from Amazon, Walmart or Netflix.

The result of clicking on that link is still the same. The bad actors are granted access to important company data and credentials, which is potentially costly for organizations. That is why one-third of organizations indicate phishing is a threat or sometimes even an extreme threat due to the consequences such as loss of account credentials, business email compromise and data theft, according to “The Business Cost of Phishing.”

Handling a single phishing email comes with two costs, naturally – time and financial impact. The monetary cost is $31.32, on average, per phishing message, and around 70% of organizations in the report say they spend 16 minutes to an hour dealing with one message. To put the monetary cost into a total for the year, organizations with 25 IT and security professionals spend more than $1 million per year to handle phishing.

“Organizations of all sizes and across all geographies continue to struggle with the impact of phishing attacks,” said Ian Thomas, vice president of product marketing at IRONSCALES, which commissioned the research. “This new report quantifies this impact in terms of the time and energy required to defend against the never-ending and ever-evolving onslaught of these attacks.”

Yes, these attacks are never-ending. Most respondents expect the impact of phishing to get worse over the next 12 months, with two-thirds of organizations expecting the time spent on phishing per week for IT and security teams to stay the same or increase.

Organizations are worried because phishing messages have spread to tools other than email. These include messaging apps, cloud-based file sharing platforms and text messaging services. At least half of companies see phishing attacks in these other communication and collaboration tools, and 40 percent see them on social media, video conferencing/online meeting platforms and collaboration platforms such as Microsoft Teams and Slack.

Similar to email, they come in a form that looks legit. As phishing spreads to these new tools, IT and security professionals will spend more time addressing threats and seeking to eradicate threat actors from their other services

What can companies do to shield up against the barrage of phishing messages? First and foremost, they  should gauge phishing awareness among employees using surveys and by incorporate phishing material in training materials. Companies also should use phishing simulation and training exercises to give employees practical opportunities at improving their ability to detect attacks.

For companies with a BYOD policy, update the policy to include specific tips and guidance for employees to ensure they don’t fall victim to text-based scams.

Phishing is a time-intensive and costly problem for organizations, and there is no sign of slowing down over the next 12 months as bad actors utilize more tools beyond email. Organizations that want to free up cybersecurity staff time for more strategic initiatives and reduce their expenditure on addressing phishing attacks need more capable solutions that detect and stop more phishing attacks.

Edited by Erik Linask

MSPToday Editor

Related Articles

Cyberattack Protection, Detection, and Recovery with SaaS

By: Greg Tavarez    11/23/2022

DataHawk from Cohesity is a data security SaaS solution that helps customers protect, detect and recover from cyberattacks and ransomware attacks.

Read More

Cloud Marketplace Innovator Pax8 Ranks 131 on the Deloitte Technology Fast 500

By: Juhi Fadia    11/23/2022

Pax8 has been named in the Deloitte Technology Fast 500 among the fastest-growing technology, media, telecommunications, life sciences, fintech, and e…

Read More

Arizona Department of Homeland Security Picks Tanium for Cybersecurity

By: Stefania Viscusi    11/22/2022

With a new, state-of-the-art cybersecurity solution from Tanium, AZDOHS is able to better share key information in real time, creating a stronger secu…

Read More

IT Teams Fall Short in Microsoft 365 Security Protections

By: Greg Tavarez    11/21/2022

A surprising number of enterprises have major gaps in the Microsoft security policies and practices, leading to unnecessary risks.

Read More

Phishing Attacks Sprout from Unexpected Places

By: Greg Tavarez    11/21/2022

Users more frequently click on phishing links that arrive through other channels, including personal websites and blogs, social media, and search engi…

Read More