Whether you’re an SME or a large multinational company, the risks of falling victim to a phishing attack have never been higher, as criminals – and technology – become more sophisticated.
In 2018, the McAfee Economic Impact of Cybercrime Report found that the estimated cost of cybercrime was $600 billion. And years before that, phishing defence company Cofense (formerly PhishMe) found that the vast majority of cybercrimes (91%) start with a phish. That makes sense if one thinks of phishing within the world of cybercrime as being akin to cutting the electric fence surrounding a house that is consequently burgled: if that initial defence is breached, an asset is left open to a wide variety of crimes.
Given the 2020 context amid the Covid-19 pandemic, data is emerging on how impersonation fraud has increased over the near-worldwide lockdown period, as “threat actors” began taking advantage of the global pandemic. Microsoft’s threat intelligence team, for example, reported a global increase in opportunistic phishing attacks since the Covid-19 pandemic began.
In this context, it’s becoming increasingly urgent to protect your business against phishing attacks, and ensuring DMARC compliance on your domain is by far the most effective way to do this (read here for why you need DMARC in your business).
You’re probably already aware that phishing attacks can result in severe financial consequences. While the financial consequences are enough cause for concern, there can also be other long-term ramifications for your business:
- Brand damage. A phishing attack on your domain can result in severe reputational damage to your brand – even though you had nothing to do with the attack. If your company domain is used to send fraudulent phishing emails, victims may associate your domain with the fraud in question. Especially if you’re in a competitive industry, undoing this association can be challenging. Brand is delivering viruses, malware and ransomware to your domain.
- Ramifications for executives. If you’re an executive in a company that falls victim to such an attack, you may have to go to court, face the media or even lose your job as the person who was responsible for the damage that resulted.
- Less room for plausible deniability. When phishing first became a threat several years ago, company executives could claim that there was nothing they could have done to prevent such attacks, as they didn’t know the risks. Now that DMARC is fast becoming accepted as a global best practice, and you can see phishing attacks from your email addresses happening in real time, as an executive you’re compelled to do something about it.
- Risks to customers. Protecting your domain is not just about your own company’s security – it’s about protecting your customers’ data too. Should your domain come under threat, there’s a very real chance that your customers could be affected too, which in turn could cause serious damage to your brand. As a corporate citizen, securing your domain is therefore the responsible thing to do.
Beyond the financial impacts, it’s clear that the greater reputational implications for your business – and for you as an executive – make the threat of a phishing attack even more serious. And while this threat is increasing, especially amid the Covid-19 pandemic, DMARC compliance means that you can take action now to avoid being at risk.