Email phishing is one of the fastest ways to destroy a business. These threats bring devastating consequences such as ransomware. Experts estimate that 60% of companies stop doing business after being hacked. Every employee and every sector is at risk of falling victim to a phishing attack, but some are more likely to become targets than others. Which industries were most phished during the year? Learn why these industries are vulnerable and how to prevent it from happening to your business.
Phishing is the gateway to many network security woes. Of all the types of cyberattacks, phishing is the threat that businesses need to watch out for the most. An estimated 75% of businesses around the world had experienced phishing by 2020. One of the reasons email phishing is so popular is that it is so effective. In its IC3 Report 2020, the US Federal Bureau of Investigation estimates that businesses lost $4.2 billion to cyberattacks in 2020 due to phishing.
To keep your business from being damaged by ransomware, find ways to prevent phishing. An estimated 65% of active cybercriminals use spear-phishing as a phishing technique to distribute their preferred ransomware. Ransomware is also a weapon used to threaten the nation. Today, every business is at risk of a ransomware attack. In 2020, a new trend of cyberattacks was born, in which ransomware was used to disrupt production lines and operations at infrastructure and business support centers. This attack trend will continue into 2021.
Top 5 industries most vulnerable to email phishing
In a phishing simulation, every industry had a problem with employees clicking on phishing emails. CyberNews reports that 1 in 3 employees is likely to click on a link in a phishing email, and 1 in 8 employees will share the information requested in the phishing email. However, this is particularly the case with certain industries. Here are the top 5 industries most vulnerable to email phishing.
- Consulting service
- Clothes and accessories
- Education
- Technology
- Corporation
Why are these industries the easiest to attack?
The risk of phishing is not that easy to predict. Cyber attackers are constantly innovating their methods, and the list of industries most at risk is constantly changing. The law of supply and demand, in this case, applies to cyberattacks just like any other business activity. Plus, world events and market volatility also create new pitfalls every day. That said, three main factors make some industries more at risk of being scammed online than others.
1. Demand
The risk of phishing increased sharply in 2020. One of the reasons is that cybercriminals find opportunities in industries that are under pressure. Scammers were quick to take advantage of ransomware to achieve their ultimate goals. Ransomware was the most common reason behind Microsoft’s problems between October 2019 and July 2020. The huge increase in phishing (more than 600%) and ransomware (almost 150%) has been so dangerous that the US Cybersecurity and Infrastructure Security Agency (CISA) created a center to help organizations prevent cyberattacks.
Phishing and ransomware exploded in the healthcare industry in 2020 because unexpected events created opportunities for cybercriminals. During the peak of the COVID-19 pandemic, medical facilities were specifically targeted for a long time; then the focus shifted to pharmaceutical companies. Attackers then hit shipping and logistics companies as the focus of the pandemic response shifted from treating the disease to making vaccines and delivering them. When an industry attracts particular attention, cybercriminals quickly seize the opportunity to carry out attacks.
2. Teamwork and remote work
People who work remotely and in teams are extremely dependent on email. However, this flexibility also exposes the company to more risk. In a 2020 survey of employees’ remote working habits, about 60% of employees admitted that they were working in environments that were often distracting. Many of these employees are always working, which makes email processing errors more likely. 73% of employees surveyed said they regularly read and respond to work emails outside of working hours, and nearly a quarter of employees (24%) said they deal with work emails while doing other things.
Some risks are exacerbated by a lack of preparation for full remote work: 98% of IT professionals in an international survey said their organization experienced security challenges due to phishing within the first two months of the pandemic. Only 42% of survey respondents felt that their organization was “well prepared” to move to remote working. Meanwhile, 45% said their company was “somewhat prepared” and 13% said their business was not prepared at all.
3. Increased number of emails
More remote employees mean more email. According to statistics, telecommuters have to deal with more emails than last year (up to 72%), and email has become the main communication tool of businesses today. Companies’ first move to fully remote work left a large number of telecommuters untrained about the cybersecurity risks they could face. In addition, the stress related to the pandemic has created an environment ripe for cybercriminals to attack. Phishing threats saw their biggest jump in Q2 2020, growing 660% according to Google. In Q4 2020 they grew 220%; although that increase is lower, it is still huge.
The number of emails increased significantly
A new record for email volume was set in 2020, at 306.4 billion emails sent and received each day. While many of them are legitimate, the large increase in volume also gives criminal networks more opportunities to perform phishing. Over 30% of emails sent in 2020 had pandemic topics, and 72% of all phishing emails were on the subject of COVID-19. Experts at BitDam estimate that, for an average organization with 1–250 employees, 1 in 323 emails is malicious. For particularly challenged industries, such as healthcare, it is estimated that in 2020 1 out of every 99 messages was infected. Larger companies are at a little less risk. In an organization with 1001-1500 employees, only 1 out of 823 emails contained malicious code.
It’s complicated to calculate an organization’s phishing risk, but it’s fairly easy to help businesses reduce the likelihood of employees clicking on phishing links. Phishing awareness training is the foundation for building phishing knowledge. A recent study found that, when a company runs a phishing simulation for the first time, there is a 40% - 60% chance of employees opening malicious links or attachments. However, continuous practice makes a huge difference. In the next trial, after 6 months of training, that rate decreased by 20% - 25%, and after further training for 3 to 6 months, that number could be reduced to only 10% - 18%.
Mail Gateway EG Cloud Platform - The perfect anti-phishing email solution
With today’s worldwide trend of digital transformation, working remotely is no longer unusual for businesses, so email phishing attacks are more likely to take place. Among the reasons for the increased attack rate mentioned above, the human factor is the most important: criminals take advantage of employees’ ignorance to carry out scams. Understanding this, VNETWORK Company has developed an email firewall system to help warn users and minimize clicks on malicious links. Mail Gateway EG Cloud Platform is built on AI and machine learning technology so as not to miss any danger to the business.
- Receive GUARD: an incoming email protection layer that uses an AI-generated virtual area to open and check the content of incoming emails by scanning attached files and links. From there it evaluates and identifies behavior in the mail (such as intrusion behavior, permission-changing behavior, dangerous files …). If the security level is above 80%, the system will send an email to the user. In addition, AI helps businesses remember URLs, attachments, sending routes, etc. This data helps the system detect fake emails and warn users to check phishing emails to avoid damage.
- Spam GUARD: its most outstanding function is filtering spam based on a scoring filter. In addition to filtering against international databases, the system uses its own score so as not to miss any malicious code. SECU E Cloud’s blacklist blocks email on demand even if it is a clean email under the standard configuration.
- Send GUARD: lets users approve outgoing messages by subject, content, or attachment name. To ensure that email sent by the business is always reputable in the eyes of customers, Send GUARD filters malware/viruses before sending. In case a user is infected with malicious code, the system will lock them to limit the risk of affecting business partners.