Time and Money Phished out of Organizations' Pockets

Time and Money Phished out of Organizations' Pockets

By Greg Tavarez

Phishing is a variant form of cyberattack that all organizations and, hopefully, a majority of employees know about. However, as awareness grows, bad actors are sophisticated enough to adapt new tactics to blend in more easily and have their emails look like an exact clone of one someone might receive from Amazon, Walmart or Netflix.

The result of clicking on that link is still the same. The bad actors are granted access to important company data and credentials, which is potentially costly for organizations. That is why one-third of organizations indicate phishing is a threat or sometimes even an extreme threat due to the consequences such as loss of account credentials, business email compromise and data theft, according to “The Business Cost of Phishing.”

Handling a single phishing email comes with two costs, naturally – time and financial impact. The monetary cost is $31.32, on average, per phishing message, and around 70% of organizations in the report say they spend 16 minutes to an hour dealing with one message. To put the monetary cost into a total for the year, organizations with 25 IT and security professionals spend more than $1 million per year to handle phishing.

“Organizations of all sizes and across all geographies continue to struggle with the impact of phishing attacks,” said Ian Thomas, vice president of product marketing at IRONSCALES, which commissioned the research. “This new report quantifies this impact in terms of the time and energy required to defend against the never-ending and ever-evolving onslaught of these attacks.”

Yes, these attacks are never-ending. Most respondents expect the impact of phishing to get worse over the next 12 months, with two-thirds of organizations expecting the time spent on phishing per week for IT and security teams to stay the same or increase.

Organizations are worried because phishing messages have spread to tools other than email. These include messaging apps, cloud-based file sharing platforms and text messaging services. At least half of companies see phishing attacks in these other communication and collaboration tools, and 40 percent see them on social media, video conferencing/online meeting platforms and collaboration platforms such as Microsoft Teams and Slack.

Similar to email, they come in a form that looks legit. As phishing spreads to these new tools, IT and security professionals will spend more time addressing threats and seeking to eradicate threat actors from their other services

What can companies do to shield up against the barrage of phishing messages? First and foremost, they  should gauge phishing awareness among employees using surveys and by incorporate phishing material in training materials. Companies also should use phishing simulation and training exercises to give employees practical opportunities at improving their ability to detect attacks.

For companies with a BYOD policy, update the policy to include specific tips and guidance for employees to ensure they don’t fall victim to text-based scams.

Phishing is a time-intensive and costly problem for organizations, and there is no sign of slowing down over the next 12 months as bad actors utilize more tools beyond email. Organizations that want to free up cybersecurity staff time for more strategic initiatives and reduce their expenditure on addressing phishing attacks need more capable solutions that detect and stop more phishing attacks.

Edited by Erik Linask
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

MSPToday Editor

Related Articles

Mutare Brings Together Cybersecurity Community to Raise Vishing Awareness

By: Greg Tavarez    3/28/2023

Mutare is collaborating with government agencies, business coalitions and private industry in an educational campaign to raise awareness of the risks …

Read More

Only 15% of Organizations Deemed Mature Enough to Defend Against Cybersecurity Risks

By: Greg Tavarez    3/28/2023

Fifteen percent of organizations globally have the maturity level of readiness needed to be resilient against today's modern cybersecurity risks, acco…

Read More

Opti9 Offerings Strengthen Veeam Customers' Security Stacks

By: Greg Tavarez    3/28/2023

Opti9 introduced its standalone offerings for Veeam, which are managed services for Veeam Software and its AI-based ransomware detection and remediati…

Read More

How Businesses are Navigating Migrations and Marketplace Shifts

By: Alex Passett    3/28/2023

Westcon-Comstor recently published a report that explored challenges found amongst shifting subscription and recurring revenue models for businesses.

Read More

Cybersecurity Essentials: BSA Expands Managed Security Solutions

By: Alex Passett    3/24/2023

Bridge Security Advisors (BSA) has announced an addition to its Essential Security Solution (ESS): the Managed Security Solution (MSS) offering.

Read More