In a recent report on 2023 spear phishing trends, Barracuda report that less than 0.1% of emails are spear phishing attempts but they are responsible for 66% of data breaches across the organisations they analysed.
What is spear phishing?
In our blog post on the 5 ways your organisation could get hacked, we defined spear phishing as a method where specific people in your organisation are targeted, in order to extract payments or gain access to systems. Using a spear phishing attack, a criminal will intend to gain access to your online accounts and company data to commit identity theft, fraud and other crimes.
Practical methods to reduce your risk from spear phishing attacks
In addition to implementing Cyber Security support and services, carrying out company-wide IT security training and following our Cyber Security Tips, there are a number of practical steps you can take to protect against spear phishing attacks.
- Provide thorough security awareness training for senior staff and anyone with access to sensitive, confidential or financial data. This should go above and beyond the cyber security awareness training that all members of your organisation should undertake.
- Reduce unnecessary information online, such as direct email addresses of members of staff that could be targeted during a spear phishing attack.
- Require approval for bank payments and implement a process that reduces risk in the payment authorisation process.
- Require approval and checks when adding new suppliers to your payment system.
- Monitor and flag changes to supplier bank details on your payment system.
How we can help
As a managed IT support provider, we help organisations understand the risks involved and how to best defend against cyber security threats with a variety of software and services. You can get in touch to find out more.