Understanding Spear Phishing and How to Prevent It

The initial vulnerability for every organisation lies in the misconception that it is immune to cyberattacks. However, as revealed in Proofpoint’s 2022 State of Phish report, an alarming 83% of organisations encountered a successful email-based phishing attack in 2021, in which a user was tricked into a risky action such as clicking a bad link, downloading malware, providing credentials, or executing a wire transfer. This is a staggering 46% increase compared to 2020.

In addition, up to 78% of organisations experienced email-based ransomware attacks in 2021, and 77% faced business email compromise (BEC) attacks, which is an 18% year-on-year increase for BEC attacks from 2020.

Phishing attacks increased in 2020, and the loss attributed to phishing that year was USD 1.8 billion. Additionally, phishing attacks contributed to a significant 22% of data breaches in 2020.

As such, prevention commences by educating employees on prevalent cyber-attacks, such as spear phishing, and empowering them with knowledge on effective countermeasures. Organisations can also bolster their readiness by incorporating cybersecurity solutions, such as tabletop exercises, into their preparedness strategies. These exercises play a crucial role in evaluating and refining the organisation’s response mechanisms to potential cyber threats, ensuring a proactive and effective approach to cybersecurity challenges.

Learn more: A Recipe For Success: The Key Ingredients For A Successful Tabletop Exercise

What Is Spear Phishing? 

Phishing, in essence, is like casting a wide net over a large area of water and hoping to catch as many fish as possible. Spear phishing, as the name suggests, is aimed at specific victims and individuals.

Spear phishing is so successful because the messages are extremely believable. According to the Symantec Internet Security Threat Report (ISTR) for 2019, up to 65% of attacker groups used spear phishing as the primary infection vector. Based on data from an email security firm, IronScales, 77% of attacks are laser-focused, targeting ten accounts or fewer, with a third of attacks targeting only one account. Attackers are spending more time and effort gathering information about the target company through reconnaissance, which is used to craft highly targeted and tailored phishing emails.

Spear phishing attacks differ from other phishing attacks in that they target a victim to extract information. The messages are tailored to the victim, thus increasing the chances of fooling the recipient. As reported by FireEye, individuals opened 3% of their spam and 70% of the spear-phishing attempts. Of those, 50% clicked on the links in the opened spear-phishing emails as compared to 5% for mass mailings. Also, in a spear phishing campaign of 10 emails, there is a 90% chance of capturing its target.

How to Prevent Getting Spear Phished? 

To mitigate the risk of spear phishing, the first step is to reduce the exchange of confidential information through email and refrain from oversharing personal details online. 

While many organisations focus on protecting the machines that staff use, including having anti-phishing software to detect and flag incoming attacks, the human touch is the weakest link in an organisation’s cyber defence. Employee security awareness training also needs to be prioritised, as up to 97% of users are unable to recognise a sophisticated phishing email.

Learn more: Email Security | Don’t Take The Bait: Strategies to Defend Against Phishing

By conducting security awareness training and phishing simulation through tabletop exercises, organisations can educate their teams to detect cyber threats and prevent cyber attacks; 84% of US-based organisations state that security awareness training has lowered phishing failure rates.

Cybersecurity is a shared responsibility, and continuous efforts in education, preparedness, and innovation are key to staying ahead of evolving threats. Let Privasec’s cyber security solutions available in Singapore help your business stay resilient and secure. Get in touch with us today.

Secure your business with us

Book a consultation with us now to see how you can better your security posture. We strive to understand your business objectives and challenges to ensure that we uplift your organisation with minimal disruption to your day-to-day activities. Simply drop us an email at [email protected] or call us at +65 6610 9597 (SG) / 1800 996 001 (AU) for more details.