Phishing is a Growing Threat
Phishing is one of the most common and fastest-growing cybersecurity threats today. In fact, RSA research found that a phishing attack occurs every minute, and these attacks cost organizations $4.5 billion in losses worldwide in 2014. Recently, healthcare has become a highly sought-after target for cyber criminals due to the large volume of sensitive data that the industry holds. Several healthcare organizations have recently experienced breaches that were the result of a phishing attack. For example, last year a regional medical center in Washington compromised the information of 8,300 patients after several employees responded to phishing emails with database user names and passwords, giving hackers access.
The first step in reducing the likelihood of becoming a phish victim is to create awareness of the threat. To help the industry fight back, CynergisTek offers a Phishing Assessment service and works closely with providers and vendors to assess their organization’s ability to recognize a phishing attack. The assessment is designed to create a training experience that will teach users how to identify a phishing email and help create more cybersecurity awareness across the organization.
How CynergisTek Helped
Healthcare Providers Need Third-Party Expertise
One of CynergisTek’s clients views protecting patients’ personal information as part of its commitment to providing quality care. Its information security team realized the extent to which phishing threatened the integrity of the information security program and worried that insiders might jeopardize the program’s security posture. The team decided that a third-party phishing assessment would be an effective tool for creating awareness of how easy it can be to become a victim of a cyber attack. The information security team selected CynergisTek to execute a phishing assessment based on an existing working relationship.
CynergisTek Executes a Phishing Assessment
CynergisTek’s solution included multiple phishing email campaigns directed at hundreds of users per campaign. Emails were sent across the organization, and all campaigns consisted of a realistic scenario based upon the latest phishing trends and insider knowledge of the organization. CynergisTek’s assessment provided insight into the organization’s ability to take a critical eye to suspicious emails, and also delivered reports about how far the user swam into the phishing net.
More Phishing Awareness is Needed
During the phishing assessment, CynergisTek deployed several phishing campaigns and found that 42% of the phish emails were opened and 74% of those users then clicked a link within the email. 80% of users who clicked proceeded to submit personal or company user credentials, such as user name and password.
CynergisTek delivered the eye-opening phishing assessment results to the executive team. All were surprised to discover how many employees failed to verify whether the destination website was really the site the link presented itself as, and they were even more concerned to learn that the majority of people who clicked on the link were willing to provide company and/or user credentials. Once the results had been reviewed, it was evident that security and cyber threat awareness needed to be a much bigger part of the organization’s culture.
Don’t Become a Victim
The most important step to prevent a phish attack is learning how to recognize one, which is not as difficult as it may seem. You can learn how to identify phishing emails by adhering to fundamental email practices, such as asking “Who is the sender?” and “Have I interacted with this entity before?” prior to clicking on any links.