Go Phish Go Phish
share 1

From the equipment, the tactics, the risk and everything in between all are considered differently when fishing from deep versus shallow waters. A fishers ability to see into the water body they are fishing from is one of the factors that will determine their ability or inability to get a good catch.

The assumed anonymity of an organisation or business due to its size does not translate to not being a possible target of cyber attacks. With the growth of technological advances comes the increased number of ways organisations can be targeted. Third party entry, malware attacks, lack of encryption, weak passwords, outdated software, phishing attacks, to name a few, are a forms of cyber attacks. 

Majority of the time, these attacks aim for breaching information. Being more than simply accessing a company's database, a breach is damaging to both a company’s reputation and financials, therefore regardless of the size of an organisation we are to be mindful of the measures put in place and their level of effectiveness, starting with awareness. 

Phishing is an example that is sometimes underestimated, yet producing great damage. As of 2021, according to a Cyber Security Threat Trends report by CISCO, 90% of data breach came as a result of Phishing. With attackers not looking to large organisations alone, but SME’s (Small and Medium sized Enterprises) as well.

 In the aftermath of a phishing attack the following are known to occur
  1. Reputation damage - clients, customers, investors, those in affiliation loose trust and confidence in an organisation upon a phishing attack.
  2. Financial cost - it has been registered that organisations with even a couple hundred employees could have to incur no less than millions of dollars in tracking a breach, fines and costs associated with legal measures, just to name a few.
  3. Process delays - daily operations will have to be at a halt in the event of such circumstances. There is no planning on when an attack could take place and therefore no proper planning on how to combat such disruptions.
In fishing, the sport, we are told that the availability of light is essential; with shallow waters there is natural light enabling a fisher to see where the fish are, the direction they are moving in and so forth, with deep water however, there would be need for light producing devices to be used and different types of baits too. The fish in such waters are generally not easily accessible, and fishing rods and other devices, usually get destroyed before getting a good catch.

Not far from the case of cyber attackers phishing small versus big companies. Less effort is required with shallow waters, the fish are known to follow the fishermen; they stay in one place, they follow light. Why is this related you ask? In a nutshell, phishers use people when targeting organisations and so they use social engineering with the aid technological methods to access people. 

Things to watch out for

1. Confirm that the email address matches the senders name.

2. The email address should make sense and match what the company does.

3. If is it for an organisation you know, then the branding in the should align with how it usually is.

4. Beware of small discrepancies, spelling mistakes, tones of urgency, incorrect grammar, and the like.

An attack occurrence could potentially look like, an email is received resembling a sender or company that the target is already in affiliation with in one way or another. A victim will essentially take the bait by pressing on a link, opening a file, and possibly inserting credentials or sending back company compromising information.

It has been found that out of the phishing attacks targeting organisations, 20% of employees are known to click on the emails, with a 67.5% of the 20% usually proceeding to enter credentials. 

Luckily the socially engineered tactics used are combated with technological solutions

1. Create awareness of this to members of your organisation, irrespective of size.

2. Be cautious with the information shared via email.

3. Get in the habit of checking the email addresses linked to the emails you receive.

4. Cross check with team members, even seniors, before sharing sensitive information.

5. Build good relationships with the people you affiliate with that incase of something out of the blue they feel open to communicate back.

6. Avoid using work email addresses when registering on multiple sites.

A bulk of the aforementioned has been on the breach of information, yet some of the most damaging results from phishing especially when repetitive, is

1. Reputation damage - clients, customers, investors, those in affiliation loose trust and confidence in an organisation upon a phishing attack.

2. Financial cost - it has been registered that organisations with even a couple hundred employees could have to incur no less than millions of dollars in tracking a breach, fines and costs associated with legal measures, just to name a few.

3. Process delays - daily operations will have to be at a halt in the event of such circumstances. There is no planning when scheduled attacks could happen and therefore no proper planning in how to combat such disruptions.

All this to say, it all starts with awareness. Reminders can be embedded in different activities during team. building, retreats and so forth. The More You Know..

share 1

Grea Haika Mmbando
Written by

Grea Haika Mmbando

I am a tech enthusiast, working in the areas of networking, cyber security and passionate about learning more on new and improved processes.

Join #TheMovement Now

Empower helps millions of job seekers and employers find the right fit every day. Start hiring now on Africa’s #1 job site.*

Become a Mover

What People Say About Us