Intelligent SME.tech Issue 42 | Page 26

// PREDICTIVE INTELLIGENCE //

THE SMALLER A BUSINESS, THE FEWER RESOURCES THEY’RE LIKELY TO BE ABLE TO ASSIGN TO CYBERSECURITY CONCERNS.

leading to the compromise of credentials which are entered into the fraudulent site, or leading to malware infection of the corporate network due to a malicious link or download being interacted with.
While this may seem like a lower level of cyberattack, the reality is that phishing is simply the beginning of the cybercrime campaign and can have resoundingly devastating consequences for organisations that fall victim to it. One of the most high-profile cyberattacks in history was in fact the direct result of a successful phishing attack: the Colonial Pipeline ransomware incident, which caused the shutdown of almost 50% of the US East Coast’s oil supply for an entire week, had disastrous economic impacts and eventually led the company to pay a US$4.4 million ransom. Not all phishing attacks will lead to an event this seismic, but they could still be devastating for businesses unable to weather the storm.
The good news is that, despite their popularity, phishing emails tend to be easier to notice; they are usually automated attacks that cast a wide net across organisations, hoping to ensnare as many as possible. This is unlike the more targeted version, spear-phishing.
These types of attacks are much more dangerous because they target an individual or a business specifically. This usually involves the threat actor undertaking some research into an organisation’s structure and finding out about specific responsibilities within the organisation. The email which attempts to compromise the organisation will utilise this research to tailor the attack, making it more likely to succeed.
An even more impactful subsection of spear-phishing is business email compromise, or BEC, attacks. BEC attacks are spear-phishing campaigns which impersonate a member of staff or trusted entity at an organisation (a CEO, CFO, etc.) and convince a member of staff to make a significant financial transfer, often via a fake invoice, which the attacker has requested while impersonating the CEO, a member of the leadership team or a member of the finance team.
Often using this individual’s seniority to create a sense of urgency, these attacks have had notoriously devastating consequences; an