"In 2019, Spain was one of the countries with the highest number of phishing attacks. Many companies and individuals fell victim to cyberattacks through email, resulting in the loss of confidential information due to stolen credentials and passwords.
To grasp the seriousness of the issue, this news from Levante explains that phishing attempts increased by 640% in Spain, and IT Reseller states that over 50% of companies experienced a successful phishing attack in 2019.
The lack of an adequate antiphishing system is the main cause of these attacks. One of the primary responsibilities of companies is to ensure the security of their employees and customers, avoiding the loss of confidential information and sensitive data. That's why you should take all possible measures to prevent any vulnerabilities or security breaches in your system."
Phishing comes from the Spanish word 'pescar' or 'picar', which means 'to fish' or 'to hook'. Phishing is a type of cyberattack launched through email with the aim of deceiving the user into taking a specific action, such as clicking on a link to download an infected file or attempting to steal credentials by redirecting them to a fraudulent website with a fake form, hence its name.
The purpose of phishing is to obtain confidential or sensitive information that can compromise a company. The attackers' goals typically involve intercepting communications to gain economic benefits (e.g., changing the account number on an invoice) or trying to infect users' devices to gain access to resources or infect the device with viruses (e.g., malware or ransomware).
To achieve this, phishing emails are designed to blend in with legitimate commercial or informational emails, making it easy for users to be deceived."
Having an antiphishing solution in place is one of the primary actions you should take within your company to prevent this type of attack and ensure the security of your employees and clients. However, there is another factor you should also consider, which can be a contributing factor to successful phishing attacks: the human factor, that is, your employees.
Providing training for your employees is crucial so that they can detect any phishing threat and avoid taking any actions that could compromise the company's information and data, thereby ensuring the security of your clients and your business.
At ESED, as specialists in cybersecurity services, we have developed ESED Defense, a plan of active defense based on three pillars to combat any type of cyber attack: ESED Attack, which involves launching controlled attacks to identify vulnerabilities and gaps in your security system and address them; ESED Control, where we work on encrypting information to ensure its absolute security; and ESED Training, aimed at training your team to detect cyber attacks effectively.