We all hear so much about phishing attacks that it can become just background noise, rather than a risk and threat to our organisations – I am guilty of adding to the noise, as I regularly write about the various types of phishing attacks. For instance, I wrote a whole Back-to-Basics on Phishing and Social Engineering:
But you should make phishing attacks your #1 cyber security issue.
Why?
Annual UK Government surveys have consistently reported that phishing attacks are the top cyber security issue. The Cyber Security Breaches Survey 2024 reported that more than 80% of organisations recorded phishing attacks (Department for Science, Innovation and Technology 2024). The 2025 report is due imminently and I do not think anyone expects this statistic to improve.
Again, Why?
Because it is too easy for threat actors to make money and gain a hacking advantage through email and other types of phishing attacks. Here is just one example, recently published on the SANS Internet Storm Center, showing the mechanics of such attacks:
A Tale of Two Phishing Sites – SANS Internet Storm Center
Where do you start?
Get the best technical tools your organisation can afford, commensurate with the threats and risks faced by your organisation. If you need help deciding on those threats and risks, have a look at this article:
IT and Cyber Security Audit | Smart Thinking Solutions
Strengthen those technical tools by involving your team in the cyber security of the organisation they have a stake in:
Cyber Security Awareness Training – Why? | Smart Thinking Solutions
Take the next step…
I am going to repeat myself here, “…make phishing attacks your #1 cyber security issue.”
Clive Catton MSc (Cyber Security) – by-line and other articles
References
Department for Science, Innovation and Technology. 2024. “Cyber Security Breaches Survey 2024.” GOV.UK, April 9. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2024.