In the last handful of years, the number of Phishing attacks against private, public, and business targets, both globally and locally, has been steadily increasing.

Then along came COVID.

Evidence¹ now shows just how significant the increase in the sheer quantity of attacks has been since the onset of the pandemic. These attacks have ramped up the pressure on private, business, and governmental bodies to protect their information or pay the price.

A recent successful phishing attack on a single state government institution has been reputed to have financial implications upwards of $7 million.

Not Only Financial Costs…

The overall impact of a successful Phishing attack may not be fully realised for a substantial time and cannot be calculated in money alone. Factors can include:

  • Impacts to the victim’s reputation and branding as trust has been broken.
  • The timing of the release of information following a breach can cause additional harm:
      • Too early, and security gaps may not have been remedied sufficiently to stop additional attacks.
      • Conversely, too long a delay often sees negative effects on reputation and branding.
  • Considerable staff effort and funds frequently need to be spent on damage control, often involving websites for information, counselling services for those affected, and so on.

In terms of equity, often substantial amounts need to be invested in post-attack responses.

Costly forensic analysis is often required to determine what was stolen. The truth is, though, that how much, what details, and whose information has been compromised can remain unknown until too late. Depending on the target or victim:

  • This can be anything from a few megabytes through to multiple terabytes of data, including personal information and that of tens or hundreds of thousands of customers.
  • Information assets of any variety held in an IT system can be vulnerable to theft:
      • Personal records and information such as driver’s licenses, banking details, and health records
      • A company’s notes, forms, scans, or transaction records
      • Output from any type of software (documents, spreadsheets, or images)
      • Information of any age, from decades-old archives to today’s processing

In the aftermath of Phishing attacks, measures used to protect systems and the information processed, stored, or communicated on them can be quite costly in both time and money, while systems can remain vulnerable until all weaknesses are fully addressed.

Post-Phishing attack expenses typically include:

  • Unexpected additional funds for personnel training
  • Unplanned supplementary asset purchases
  • And other impromptu heavy investments in IT security

The Cost is Preventable…

All this can stem from as little as one person clicking or even just opening the wrong email at the wrong time.

With a little forward planning and, in comparison, an economic pittance, the most vulnerable and most targeted factor of a Phishing attack can be reinforced. The target is you, the human factor, usually the weakest link in a cyber security chain. By running education and training programs, staff build their overall knowledge and awareness, so that the questions of what is and is not a safe email, and what to do with suspicious packages (wink), become easier for them to answer.

Get in touch with us today to discover the impact Phriendly Phishing can have on your organisation.