There is no doubt that phishing is one of the most dangerous online threats to financial services institutions and their customers. The Quarterly Threat Trends and Intelligence Report from Agari and PhishLabs identified financial institutions as the target of 42 percent of phishing attacks; the next closest industry—telecommunications—only accounted for 23 percent. Taking a proactive approach to prevent an attack can help avoid brand and reputational damage and the financial impact of fines as bad actors find more sophisticated ways to compromise these institutions. Through email phishing and spam protection, vendors can enhance legitimacy and credibility.
Download: Digital Data Protection in the Age of Phishing
Email phishing and spam are just about as old as the Internet. It is not surprising that cybercriminals have continued to improve their attack capabilities in relation to email attacks given the return on investment that even one successful attack provides. “The target of most cyberattacks is money,” said Eric Anderson from Atlantic Data Security, “and phishing is a low-cost, high-reward endeavor. Sending out thousands of emails requires very little time and money, yet just one success has the potential to result in millions of dollars in profit.” Recent phishing attacks have targeted some of the biggest names in business including PayPal and CVS. In addition, these email scams have targeted student loan programs, in which approximately 48 million Americans participate.
It’s clear that email phishing is a legitimate problem, affecting financial institutions and millions of customers around the country, but financial institutions can turn the tables on these hackers and provide better protection for their customers and partners with some simple, but smart investments. Adding layers of email phishing and spam protection can help institutions remain safe from these attacks. While most companies invest in employee education as a frontline defense against phishing attacks, they tend to assume that there are defenses built into their email client. However, this is not always true, including for Microsoft 365.
To close this gap and mitigate threats financial services institutions are turning to solutions that filter emails to reduce the chance of malicious attachments reaching employees’ inboxes. Email security solutions are easy to implement and designed to work in tandem with institutions’ current email providers, including M365. “It’s easy for attackers to identify an M365 user, making maximizing security on these accounts crucial,” said Andy Syrewicze, Technical Evangelist at Hornetsecurity. “Adding an extra layer of protection to your company’s email, as well as backup for endpoints like Teams and SharePoint, is essential to defend against spam, phishing, malware, ransomware, encryption, and data loss.” In case a phishing email does make it past the filters, training can equip employees with the tools they need to recognize and react appropriately.
With cybercrime a constant and mobile banking, remote work, and the low-cost of entry for phishing attacks, the chances of being targeted are near 100 percent. However, with a combination of employee training and state of the art tools, phishing attacks and the tremendous damage they cause to reputation and the bottom line don’t need to be a near certainty. Protecting inboxes from phishing and spam is an investment that always pays dividends.
