Recently it was announced that the California State Controller’s Office, an agency that handles over $100 billion of public funds, was a target of a phishing attack. The attackers were able to get access to sensitive emails and files for over 24 hours before eventually being detected. Though at that point, it may have been too little too late. During that timespan, the bad actors stole social security numbers and other important personal files on the employees. They also used the opportunity to send thousands of other phishing messages to all other employees. The agency has since put out a notice and revealed that just one single employee was the cause for the data breach. The employee had apparently clicked on a phishing link and entered their credentials.
Unfortunately, something like this happens all too often. According to the FBI’s annual Internet Crime Report, phishing was the most common type of cyber crime in this past year. At 241,324 reported incidents, it almost doubled from the previous year’s number of 114,702. The most frightening part about these attacks is that it just takes one person to slip up. That is why it is imperative that all employees must be thoroughly trained in security awareness to prevent such mistakes. This is especially the case for smaller businesses.
A report put together by Symantec noted that employees of smaller organizations were much more likely to be targeted with phishing threats than those in larger organizations. For many of these smaller companies, security awareness training is simply not a corner that can be cut to save costs. Many of these potential breaches could have a devastating financial impact that would easily overshadow the expense of a few security awareness courses. Who said the training had to be expensive anyway? Tiro Security has partnered with a leader in online security awareness training to provide SMBs the resources they need in a cost effective manner. These resources include phishing simulations, privacy training, and much more.