Phishing attacks today are sometimes so credible that anyone working within a company can fall prey. And we see that reflected in the numbers. Human error is the cause of a data breach in no less than 95% of cases. Security attacks increased 31% from 2020 to 2021, according to Accenture's "State of Cybersecurity Resilience 2021" report.
From C-level to administrative staff and even lawyers, hardly anyone escapes the dance these days. Yet there are 5 departments/companies that are especially popular among phishers because there is a lot to be gained. Are you responsible for the cybersecurity of 1 of these 5 departments or companies? Make sure you are prepared and stay prepared!
Read more: what are the most common phishing mistakes every organization makes, and how can you prevent them?
The favorite phishing targets
Which departments and companies are we talking about? And as a Cyber Security Specialist or CISO, how do you properly prepare for phishing attacks that are getting smarter by the day?
1. Law firms
One word: client data. Law firms have a wealth of stored (sensitive) client information. A real goldmine for cybercriminals. It happened to two Dutch law firms last year. Before they realized it themselves, the mailboxes of law firms Quist from Dordrecht and Wille Donker from Alphen aan den Rijn were hacked, resulting in hundreds of (phishing) emails sent to clients. The emails obviously contained a link to malicious software.
Another example is the breach at DLA Piper, one of the largest and most respected firms in the world. Back in 2017, the firm experienced an attack that began when one of the administrators clicked on an "update" to software the firm was using. The update was in fact a phishing scam that contained malware, and that got access to all of DLA Piper's data.
PwC calculated that the number of cyberattacks on law firms has increased by 60% in the past two years. This type of fraud, where the recipient thinks the sender is someone else, is also known as spoofing.
2. Legal Departments
We hear you thinking: these are the very people who won't be fooled, right? Make no mistake, phishing emails are so well crafted these days that even IT specialists sometimes have to take a third look. Again, legal departments are favored by cybercriminals. Like law firms, these departments handle and process a lot of personal data. And unfortunately, these departments are not known for their good security.
3. CEOs/Executives
Maybe you've experienced it yourself: a somewhat vague email from your boss saying, "Do you have time to help me with something now?", after which you are asked to click on a link, purchase gift cards or transfer money to an account. CEOs/Executives are popular among phishers because they have authority. When they give an order to someone, people are quick to comply. Phishers therefore like to pose as CEOs in order to trap another department.
In addition, we also see CEOs/executives themselves becoming victims of phishers. The reason is simple: they often have sensitive and confidential information in their possession. Phishers do this by impersonating the CFO, another managing partner or an investor. An effective way to prevent this is to set up multi-factor authentication on all important documents.
We recently wrote this blog on how to easily spot phishing emails.
4. Human Resources
You guessed it... The HR department also collects and processes a wealth of personal data. They are responsible for recruitment, on-boarding, payroll and employee progress/development. They not only have email addresses, they have passport information, salary information and sometimes very sensitive personal information. It's unthinkable that this could fall into the wrong hands. Especially for recruiters, SmartLockr has built an upload portal in which candidates can safely share their personal information.
5. Finance
I don't think we need to tell you all the important data that the finance department processes. When it comes to the finance department and its employees, cybercriminals prefer to use a simple email with "could you please transfer this to" in combination with the so-called whaling and spear phishing methods, where phishing emails are personalized with, for example, the name of your boss.
Help! I am responsible for one of these departments / companies
Although cyber criminals are getting smarter, so are we! We do everything we can to keep track of all these developments and to continuously adapt our product to them.
This way, our customers don't have to worry about new tricks from phishers. Our easy-to-implement email security solution instantly recognizes phishing attempts and gives a warning in case of a possible scam. One simple solution that can save you a lot of trouble. It's as simple as that!
Curious about our solution and how we can protect you against phishing scams?
Request our demo without any obligations!