Hold Back the COVID-19 Cyber Crime Wave. Start with a Phishing Risk Assessment

April 9, 2020  Jeff B. Copeland

Google recorded a 350% increase in phishing websites recently, a disturbing metric on the extent to which cyber criminals have adjusted their tactics to exploit the new opportunity of a massive increase in stay-at-home workers.

Criminals are counting on many of these workers being in a state of fear of COVID-19 and confusion about security practices, at a time when security teams are trying to reconstruct defenses outside the perimeter, one step at a time (like painstakingly changing email rules to block “coronavirus”).

There’s an evil genius in the scope and variety of phishing emails security researchers report:

  • Spoof messages that seem to come from the company’s HR department with a downloadable document on “work from home policy” – loaded with malicious macros.
  • A “critical security advisory” from a company’s software vendor with a link to a convincing-looking site for the employee to enter credentials.
  • Phony invitations to teleconference meetings; click the link and launch ransomware or an APT.
  • Business email compromise messages seemingly from a vendor demanding payment to a new bank account “due to the pandemic,” counting on a breakdown in audit controls because of distributed staff.

Security and risk teams need to respond quickly and, in this economic environment, with a careful cost/benefit justification.

RiskLens wants to help. As the leader in quantitative cyber risk analysis, with the only SaaS solution based on the FAIR™ model, the international standard for cyber risk quantification, we’ve assisted many Global 2000 companies in understanding their cyber risk exposure in financial terms as a basis for informed decision-making on security investment.

We are offering, for a limited time and at no cost, a half-day Phishing Risk Assessment to help you quickly adapt your security program to the phishing wave in the most cost-effective way.

We’ve already completed a number of these assessments, and here’s the agenda:

  • RiskLens Professional Services team members hold a 2-4 hour workshop via teleconference with relevant Security, IT and Risk Management staff to gather data specific to the organization.
  • Using the RiskLens platform, the RiskLens team generates an analysis showing how, where and how much loss exposure could occur, in dollar terms, as a result of a phishing-initiated cyber attack, covering direct costs (such as incident response) and indirect costs (such as loss of revenue or productivity), all tailored to the organization.
  • The day after the workshop, the RiskLens team holds a one-hour executive briefing to report on the findings in non-technical, business language that business decision-makers can understand and act on.

This offer is valid until May 15, 2020, and comes with no ongoing obligation other than a non-disclosure agreement.

Organizations that have tried our Phishing Risk Assessment report that they not only gained clear direction for their security program, but as a bonus, gained a hands-on education in the power of quantitative cyber risk analysis, the FAIR model and the RiskLens platform as critical tools for decision support.