Indian companies must increase phishing awareness

Businesses are being targeted by phishing attacks. These attacks are increasingly becoming a corporate concern, with much at stake, such as reputation damage.

As illegal as it is, there's no stopping or reducing phishing attacks. But it's not just your average internet user who could be susceptible to phishing attacks—businesses increasingly are, too. They have much at stake, including possible damage to the corporate reputation.

Hackers and scammers carry out phishing to trick unsuspecting internet users into revealing their personal details such as bank account information and passwords.

In India alone, the financial sector has lost more than Rs 130 crores from phishing attacks over the past three years, as revealed in a recent report from security company Symantec. By January 2013, the global phishing rate rose to one in every 466 emails. In India, the education sector was the most targeted industry during 2011 but fell to second place as more phishers began to target the IT industry. Most of the education websites being spoofed were from the states of Rajasthan, Andhra Pradesh, Delhi, Maharashtra and Punjab.

The Indian IT industry was the target of the largest share of phishing attacks, at 14.4%, while the education sector ranked second with 11.9% of such attacks. Other industries targeted by phishers include product sales and service (9.8%), industrial and manufacturing (7.3%) and tourism, travels and transport (5.8%).

A.K. Jain, co-founder and chairman of a leading steel production unit in West Bengal, said businesses are not addressing the phishing risk as thoroughly as they could. "A whole lot of individuals I know barely have the interest or knowledge to tackle phishing. Such is the impact that most give up fighting the same even before they begin the fight."

With corporate India continuing to experience a growing number of phishing attacks, it is becoming more important to face this challenge head on and find ways to safeguard businesses. Here are some steps businesses can take to protect themselves from phishing attacks:

  • Invest in good antivirus, anti-spyware and anti-malware software and keep it up to date on all your corporate systems. For more comprehensive protection, choose software from two different, but reputable, vendors.
  • Ensure that all your systems are running the latest versions of the OS and all important applications. Verify that your IT team applies the latest patches to the computers frequently. Software that hasn't been updated with the latest security patch is most vulnerable to phishing attacks.
  • Keep yourself up to date on the latest trends in the cyber-attack space. If you are aware of what's happening around the world, you can be proactive and take steps to protect your business from falling victim to such an attack. Don't just wait on your antivirus provider to offer the latest updates.
  • Roll out a formal end-user security awareness campaign throughout your organization to train your employees about phishing attacks and the possible consequences. No amount of software can protect your systems if your end users are unaware of how to take preventive measures at their end. Let them know that they should never send out personal information—especially their credit card or bank account details—via email.

