Ask any security professional what the biggest security threat to the network is, and the likely answer is phishing and their own fellow employees. Despite this consensus, many organizations accept that their personnel may cause a malware outbreak and focus their budget on other defensive techniques rather than on prevention through employee training. Untrained employees can cost a corporation, hospital, or agency substantially more money in the long run.
The news is full of horror stories describing phishing attacks that trick users into providing sensitive data, executing malware, or causing data loss that severely impacts operations. A troubling trend is phishing attacks that distribute ransomware and encrypt user hard drives and data stores, preventing organizations from accessing their information. In 2015 there were over 350,000 reported ransomware cases. In many cases, these ransomware attacks can target data backups as well as cloud-based drives. Recently, there have been several incidents where ransomware infected hospital networks, caused the loss of patient data access, and even forced administrators to relocate patients and resort to paper-based records. Law enforcement agencies are not immune to such attacks either: several police departments have been forced to pay the ransom or risk losing access to case files and other sensitive investigation information.
Unfortunately, phishing attack volume is projected to continue to increase as access to malware increases. Several criminal, yet highly technical, groups have released toolkits that generate malicious code automatically and let unskilled attackers distribute and insert malware they could not have developed on their own. These types of attacks can cost tens of thousands of dollars in lost employee productivity, malware containment, and network remediation efforts. It is estimated that a phishing attack can cost a large business (10,000 users and up) over $3.5 million a year.
CCS’ comprehensive solution combines a live phishing assessment based on controlled phishing emails with interactive training and quizzes, as well as a method for management to gauge the training level of their employees.