The Continued Threat of Phishing Attacks for SMBs

The Continued Threat of Phishing Attacks for SMBs

Phishing is an IT headache that is here to stay. But what is the clearest threat to your SMB clients--social media or garden-variety spam?

By Tim Sprinkle

Traditional spam emails remain the number one electronic security threat to SMBs, according to the results of a recent IT survey commissioned by anti-spam filtering software provider SpamTitan Technologies (so remember that grain of salt). That’s despite the high profile increase in phishing attacks perpetuated via social networking sites like Facebook and Twitter, says the company.

Although 37 percent of IT managers surveyed did admit that online phishing is a growing problem for SMBs, 75 percent called tried-and-true spam attacks the top security issue they face on a day-to-day basis. Social networking-based intrusions remain marginal threats at best, especially given the overwhelming prevalence of email scams.

According to a Microsoft Web security report released in 2009, spam accounts for more than 97 percent of all sent emails, and the Palo Alto-based Radicati Research Group found that spam costs businesses some $20.5 million annually in lost productivity and IT downtime.

But are phishers starting to shift their focus from email to social media? Opinions are still divided on that point, with 31 percent of respondents dismissing the appearance of a rising Facebook threat as simply a result of the increased use of social networking sites by business users. More users equal more targets, after all, though it can be tempting to extrapolate that there are more phishers at work in the social networking sphere as a result.

The SpamTitan findings jibe with a report released earlier this year by Kaspersky Labs that found that just 5.7 percent of phishing attacks in the first three months of 2010 could be traced back to Facebook. Compare that to HSBC, eBay, and PayPal, which together account for more than 52 percent of all online scams, according to Kaspersky.

Either way, phishing is an IT headache that is here to stay.

“Phishing attacks remain a clear and present threat to businesses,” says Ronan Kavanagh, CEO of SpamTitan Technologies. “There is no evidence to suggest that network security measures are discouraging the number of phishing attacks; it is simply that the arrival of social networking in the workplace has presented phishers with a bigger pond to phish in.”

As far as prevention is concerned, Kavanagh suggests that IT managers establish clear policy guidelines and educate their users on the various types of electronic threats facing their networks. Awareness is the number one tool in the fight against phishing attacks, he says, whether they come in via email or social networks.