A cyberattack can destroy a business. Whether the attack is a denial-of-service, file deletion, ransomware, or something else, the most common factor these incidents share is human failure. The most common human failure today is falling for a phishing e-mail; phishing has been cited as the starting point of more than 90% of successful information security breaches.
You may be surprised to learn that the most likely targets are smaller organizations that supply larger ones. The attacker treats the smaller supplier as an easier route into the major organization.
From the moment anyone in your organization has access to a company PC, laptop, or any other device that can send and receive e-mail, you are exposed to phishing, and phishing e-mails are not always easy to spot. Action is needed by you. This free short video presentation is therefore recommended as part of Day-1 induction training for new recruits and as a refresher course.
Published research shows that the human factor is the 'weak link' in cybersecurity. Yet, despite this knowledge, the situation is not improving. Our own experience in on-site auditing confirms this: people working for companies seeking ISO 27001 certification are simply not vigilant about maintaining the organization's information security.
Nowhere is this clearer than in their lack of awareness of the dangers of spear phishing (a message tailored to a specific person using details the attacker has already collected about them) and their helplessness in the face of clone phishing (a copy of a genuine e-mail they have already received, with the link or attachment swapped for a malicious one). It simply does not register that snippets of sensitive information gathered from various sources within an organization can be spliced together to stage a crushing cyberattack.
Costliest Phishing Attacks in Recent History *

| Phishing Victim | Industry | Year | Estimated Losses | Mode of Attack |
|---|---|---|---|---|
| Marks & Spencer | UK Retailer | 2025 | $410 million | Social engineering, ransomware |
| Google & Facebook | Tech | 2015 | $100 million | Fake invoices, BEC |
| MGM Resorts | Hospitality | 2023 | $100 million | Vishing, ransomware |
| Caesars Entertainment | Hospitality | 2023 | $75 million | Social engineering, ransomware |
| Upsher-Smith Laboratories | Pharma | 2014 | $50 million | BEC, spear phishing |
| Ubiquiti Networks | Networking | 2015 | $47 million | BEC, CEO fraud |
| Xoom Corp | Fintech | 2014 | $31 million | BEC, impersonation |

* That we know of. Data retrieved 26-May-26. BEC = Business e-mail compromise.
Afterwards, we recommend that you evaluate the effectiveness of the cyber security awareness training given. Periodically circulating a test phishing e-mail and reviewing the outcomes with everyone concerned is especially effective in engendering continuous vigilance; track how many recipients reported the e-mail, not only how many clicked, and treat the exercise as training rather than as grounds for blame, or staff will stop reporting the genuine ones. We also suggest including short interviews with all staff as part of the Internal Audit Programme for your Information Security Management System.
If you would like to go further, we have a selection of auditor and implementer training courses that may be relevant to you. Please click the button below to learn more about them.
If you have any questions, you can refer to our ISO 27001 course overview page, where you can see some of our answers to frequently asked questions, or contact us. We're always delighted to help.
Click the Button to access the free video.
We have chosen ISO 21001 certification because it is based on independent third-party assessment, unlike IRCA and Exemplar badges (which we believe are commercially compromised). It is a 'university grade' standard used globally by schools, colleges, and universities to demonstrate competence.
We provide Courses on ISO 9001, ISO 13485, ISO 14001, ISO 17025, ISO 27001, ISO 45001, Data Protection, Risk Management, and more.