Recommended as part of ISO 27001 Training or Day 1 of a broader Induction Training for new recruits
A cyberattack can destroy a business. Whether it involves Denial-of-Service, deletion of files, ransomware, or another type of cyberattack, the most frequent element they all have in common is human failure. And currently, the most common human failure is falling victim to a phishing email, which has been attributed to >90% of successful information security breaches.
The most likely target organizations may surprise you: smaller organizations that are likely to be suppliers to major organizations, where the smaller organization is perceived as an easier route to successfully attacking the major one.
From the moment anyone has access to a company PC, laptop or another device capable of receiving and sending email, you are vulnerable to phishing. Phishing emails are not always easy to spot, so action is needed by you. This short video presentation, which is free, is therefore recommended as part of Day-1 Induction Training for new recruits and as a refresher course.
From published research, we know that the human factor is the 'weak link' in cybersecurity. Yet, despite this knowledge, the situation is not improving. This is confirmed by our own experience in on-site auditing. People working for companies seeking ISO 27001 Certification are simply not vigilant when it comes to their part in maintaining the organization's information security.
Nowhere is this clearer than in their lack of awareness of the dangers of spear phishing and their helplessness in the face of clone phishing. The fact that snippets of sensitive information from various sources within an organization can be spliced together to facilitate a crushing cyberattack simply does not register.
Costliest Phishing Attacks in Recent History

| Phishing Victim | Industry | Year | Estimated Losses | Mode of Attack |
|---|---|---|---|---|
| Sony Pictures | Entertainment | 2014 | $100 million | Spear Phishing |
| Facebook and Google | Technology | 2013-2015 | $100 million (combined) | CEO Fraud |
| Crelan Bank | Banking | 2016 | $75.8 million | CEO Fraud |
| FACC AG | Aerospace | 2016 | $47 million | CEO Fraud |
| Ubiquiti Networks | Technology | 2015 | $46.7 million | CEO Fraud |
| Leoni AG | Energy and Data Management | 2016 | $44.7 million | CEO Fraud |
| Xoom | Money Transfer | 2014 | $30.8 million | CEO Fraud |
| Pathé | Entertainment | 2018 | $21 million (approximate) | CEO Fraud |
| Tecnimont SpA | Engineering, Technology, Energy | 2019 | $18.45 million | CEO Fraud |
| The Scoular Company | Farming | 2015 | $17 million | CEO Fraud |

Data retrieved March 04, 2022
Afterwards, for ongoing cyber security awareness, we recommend that you evaluate the effectiveness of the training given. The periodic circulation of a test phishing email, with subsequent review of the outcomes with all concerned, is especially effective in engendering continuous vigilance. We also suggest including short interviews with all staff as part of the Internal Audit Programme for your Information Security Management System.
If so, we have a selection of auditor and implementer training courses that might be relevant to you. Please click on any of the courses below to learn more about them.
If you have any questions, you may want to refer to our ISO 27001 course overview page where you can see some of our answers to frequently asked questions or contact us. We're always delighted to help. Note: Originally published in January 2020, this post has now been updated.