Your MSP business relies on keeping up with the latest cybercrime threats and news. Falling behind can be the reason why clients want to try out other providers. One thing that separates experienced MSPs from newbies testing the waters is that seasoned providers understand that security is a top priority. Here’s a look at why planning against phishing should be on the minds of MSPs:
Importance of the APWG Report
One source to check for regular updates is the Anti-Phishing Working Group (APWG), which releases a report every quarter about the latest cyber threats. The APWG is made up of 1,800 organizations from around the world, united against stopping cyber threats. According to APWG data, phishing threats are on the rise, up 65% in 2016 from the previous year. The report revealed that, in 2016, there was a total of over 1.2 million hacks.
The APWG has been issuing its reports on computer attacks since 2004. Back then, the average number of phishing attacks was about 1,600 per month. By 2016 the number had grown into a range of 70,000-156,000 attacks per month. About 42% of the attacks were in the retail industry, followed by the financial and ISP industries. An average of 400 brands is targeted each month. One of the most eye-opening stats was that social media-based phishing increased by 500% in the fourth quarter of 2016. The good news in the report was that phishing attacks dropped off during the holiday season in December.
Why Should MSPs Stay on Top of Phishing?
Spoofing, a form of phishing, occurs when an attacker spoofs a popular site or one that a victim often visits. When the victim clicks a deceptive attachment, it unleashes malware. The report found that most internet users are easy to fool. One of the ways to spoof a popular domain involves using a URL shortener. Since most users don’t expect to be attacked, they don’t bother checking the URL closely to see that it’s suspicious. A University of Texas at San Antonio study found overconfidence was a key reason many users have been fooled.
According to additional research from Kaspersky Labs, its anti-phishing system was triggered over 30 million times in 2015. InfoSec Institute has reported that industries most targeted by phishing attacks that year were:
- Delivery Services
- Internet Service Providers
- MM Reseller
- Payment Services
- Social Networking
Some cybercriminals set up phishing sites designed to look high-quality to execute scams. In late 2014 there were over 17,000 such sites. Spear-phishing began to emerge in 2013 in which a scammer uses specific details they’ve collected about a target so that they can pose as a trusted source. It leads up to the scammer saying something like they lost their wallet on vacation and if the victim can help.
Steps You Can Take to Block Phishing
As an MSP business owner, you can take the initiative at protecting your clients’ networks and digital assets by training the staff how to watch out for strange emails. All it takes to create chaos is for one employee to get caught off-guard. Here are issues you can address when training employees to steer clear of cyber threats:
- Discuss the main types of phishing: spear phishing, whaling, and watering holes
- Define phishing risks
- Identify suspicious URLs
- Distribute a list of best practices to avoid phishing scams
You can take training on step further to expose team members to real-world scenarios with a simulated phishing awareness test. Using animated videos, you can sharpen people’s awareness quickly about the dangers of opening strange emails. It’s a helpful test in determining which employees are most alert and knowledgeable about detecting cyber threats. One of the most important revelations from the APWG’s 2016 report was that the average business user is confronted with at least one risky email per day.
In order to run a competitive MSP business today, you need to be able to provide your clients with maximum knowledge about the challenge of overcoming phishing threats. A growing number of cyber threats, in general, should keep MSPs alert and ready to offer the latest security solutions.