Proofpoint, a leading global cybersecurity company, just released a report titled “The State of the Phish: an in-depth look at user awareness, vulnerability and resilience” that every clinic owner, manager, and privacy officer needs to read. The report examines data collected from 600 information security professionals in 7 countries. It lays out the real threat from phishing by exposing prevalence, preparedness, and how attacks get in to damage businesses.
It’s an important read that will provide you with many clues as to how you should protect your clinic from the very real threat of phishing.
Phishing is a growing threat for every type of business.
The report states that 65% of US organizations experienced a successful spear phishing attack (a phishing attack that is targeted to a specific organization or individual) last year. Half of those organizations suffered a ransomware infection because of it, and 35% of spear phished companies suffered financial loss.
86% of organizations in the study faced business email compromise (BEC) attacks. Over half of those companies saw more than 11 attempts, up to well over 100.
The most startling statistic to come out of the report is that 33% of surveyed organizations paid a ransom to regain access to their data in 2019. Of those, 22% did not get their data back, and 2% had to pay more than they did initially to fully recover their data.
There is a long list of costs to an organization that suffers a phishing attack.
Proofpoint puts the potential damage businesses face from phishing attacks in clear focus with a detailed list of losses suffered directly or indirectly following an attack.
The report recommends you prioritize cyber security.
According to the authors, “If you deprioritize best practices and cybersecurity initiatives, so will your employees.”
78% of organizations say security awareness training reduces your organization’s susceptibility to phishing attacks. The Proofpoint survey found that only 31% of staff understand what ransomware is, and as few as 49% of people know what phishing is. Knowing the risks associated with phishing and ransomware is critical to keeping these attacks out of your clinic. Staff need to know what they’re looking for before they can block it.
Proofpoint suggests that you “set the tone that cybersecurity is important at all levels”. For starters, make security awareness training part of your onboarding process and then keep those skills and knowledge sharp with ongoing training.
Phishing and ransomware awareness is a part of your clinic’s overall privacy compliance program. To learn your clinic’s Privacy Risk score click here. You can download the full State of the Phish report from Proofpoint here.