Recently, a company called me to discuss concerns about their IT security. This company, based in the US but doing business with clients and vendors in many parts of the world, has been inundated with phishing emails. The difference here is that these phishing emails are not just generic ones that pretend to be Microsoft Office 365 or UPS trying to steal passwords, but rather, they are spear phishing. Spear phishing involves impersonating actual people associated with the company, like executives or vendors, in attempts to steal money or proprietary information. These schemes are becoming more and more common.
When I spoke to this executive in the aftermath, he stated, “It’s only getting worse. The emails are looking more and more real, coming more frequently.” They were lucky this time, but he is scared that sooner or later, someone in his company is going to fall victim.
This is the reality we live in now. Technology allows bad guys to anonymously cast wide nets and quickly catch victims, with little to no effort, cost, or even risk of being caught. Humans are, and always will be, the weak link, being caught unprepared or off guard.
Every business has a choice to make: assume (hope!) that it will never happen to you and take the risk; or, strengthen your IT security by making an investment in the right systems and better educating yourself and your workforce, thereby reducing your risk.
While it’s true that most emails are safe, most people are good, and getting hacked is rare, it’s also true that it only takes one bad email to get through, one human slip up to occur, and then it’s too late to take precautions. It is vital for businesses to invest in protecting themselves in the same way that bicycle riders wear helmets or people lock their homes at night: because of the chance that something bad could happen. Is your business worth protecting?
Watch for our upcoming blog post on how to prevent phishing attacks.
To better serve our clients, Tabush Group recently launched a comprehensive service to protect both your systems and your users. Our Premium Defense Service offers additional security to anticipate and prevent cyberattacks. For more information, send us a message or call 212.252.0571.