The Business Risk of Phishing Emails

Posted by Stephen Ferrell
Stephen Ferrell

Phishing needs no introduction; you'd be hard pressed to find someone who couldn't at least give a brief description of what it is. While technical knowledge would undoubtedly differ person to person,the overwhelming consensus would be that phishing is universally considered to be a bad thing. The FBI has been tracking its impact, and the Department of Homeland Security is taking an active interest. When we consider phishing attacks in the corporate world, we must assess the myriad of risks that phishing attacks can bring to bear on the business.

Financial Risk

The first risk to consider is the dollar impact that a phishing attack can have on a business. In the last few months, tech giants Google and Facebook were caught up in the same phishing attack, paying invoices to a fraudster posing as a legitimate vendor. It is worth noting too that while the total cost of successful phishing attacks is in the billions, the relative dollar cost business to business can vary wildly.  A  $100k loss to Google or FaceBook may not, in the grand scheme of things, be particularly impactful but a figure like that could be crippling to a small business. The billions that are stolen every year from US corporation doesn't consider the dollar cost of failed toolsets and training programs that are doing little to offset the phishing tidal wave. 

Phishing attacks are often used as the delivery method for ransomware attacks. As I type this, Baltimore City, Maryland is 3 or 4 weeks into trying to react to a ransomware attack that has shut down crucial city systems and was holding up nearly 1500 real estate transactions.

If your business has any element of e-commerce in your portfolio, a phishing attack can have a massively detrimental effect on the fidelity of your incoming and outgoing cash flow, creating a lasting and potentially devastating impact to the bottom line long after the phishing attack is over.

Human Capital

Phishing attacks can have a profound and personal impact on the psychology of your workforce. Associates who are responsible for falling for a phishing attempt can often feel maligned and ostracized. The stigma that comes with interacting with a phishing email can often be hard to overcome. Further, companies choosing to run phishing simulations also run the risk of demoralizing the workforce and degrading the email users confidence and innate, if limited, ability to discern email fact from fiction. According to the "Don't be Phooled by Phishing"* presentation on the Department of Homeland Security website, "Phishing messages often contain an element of urgency and, thus, time pressure. The tone of these messages frequently involves a combination of persuasive and polite statements to influence decision making." Indeed one of the hidden risks of phishing attacks is corporate culture. A culture that creates a false sense of urgency and drives employs to think and act rapidly is often a ripe environment for socially engineered phishing attacks.

Brand Damage

According to CSO magazine, phishing "affects more than just your hardware. It can erode trust in clients, vendors, coworkers, partners, and more. Which means a loss in clients, a loss in revenue, and a loss of confidence in said employee from an internal perspective." When a corporation is highlighted as having been the victim of a phishing attack, the confidence in their ability to secure their customers financial and private information is immediately called into question. In an age where we rely on less cash and more electronic payments, the impact of a successful phishing attack on an e-commerce player can be crippling.

Email Phishing Protection – Stop Phishing Emails

At INKY, we recognize the threats you face, we understand the risks that phishing attacks have on business, and we have the email phishing protection solution. INKY's Phish Fence platform is a next-generation risk mitigator designed to stop phishing emails. Where traditional spam and malware filters fail INKY thrives. Our unique combination of computer vision, artificial intelligence, and machine learning is the solution for which you've been looking. Each day INKY scans millions of emails, endlessly searching for email security breaches, phishing attempts, malware, and spam. Of all of the customers across our install base, we have yet to see a single successful phishing attack on an INKY protected domain. 

The risk of remaining unprotected or relying on the legacy spam and malware filters is simply not worth it. Our Phish Fence platform is agnostic and can be installed in less than an hour. It can work as your single line of defense our integrate with any existing spam or malware filter. Our banner system provides an embedded risk mitigator in every email your organization receives, providing a constant learning opportunity for your associates. The destruction of your brand, your corporate finances, or your employee's morale is entirely avoidable.

Take the INKY Phishing Fitness Test and see if you’ve been phished.

 

INKY – PHIGHT PHISH

Topics: email security