A recent report by McKinsey indicated that ‘spear phishing’ has increased seven-fold since the beginning of the COVID-19 pandemic.[1] I’m sure that many of you have heard of phishing before but are unsure as to what spear phishing is and/or how it differs. Many people who are accustomed to identifying malicious phishing emails are still unfamiliar with what spear phishing is and could fall victim to a sophisticated attacker.
Source: APWG Phishing Activity Trends Reports, Q1 2020 – Q2 2022
The number of phishing attacks reported has quadrupled since early 2020. Yet the number of unique subject lines used has dropped precipitously over the past couple of years, as more emails have contained duplicative subject lines; this implies more accurate targeting of key accounts with subject lines proven to be effective in soliciting responses.
Consistent with the above data that shows spear phishing on the rise globally, we have also seen more and more spear phishing activity at Pearl over time. While it’s impossible to completely eliminate this type of risk, we’re continuously expanding our arsenal of technical and administrative safeguards to decrease the frequency of, and our vulnerability to, these types of attacks.
At Pearl, we’re committed to building technical and administrative safeguards into our systems to ensure that data from our company, our employees, and our customers is as secure as possible. As we develop our own data security best practices, we also believe in sharing this information with other organizations that may find it helpful.
To that end, below are some technical and administrative safeguards that you can put in place to make your organization less vulnerable to sophisticated spear phishing attacks:
1. Technical Safeguards
2. Administrative Safeguards
We hope that you find the list of technical and administrative safeguards above informative and helpful so that you and your organization can put best practices in place to protect yourselves against spear phishing and other threats to your data security.
To learn more about data security at Pearl Health, read my blog on our path to HITRUST Certification, which explains why we’re building Security Compliance from the Ground Up.
[1] Venky Anant, Jeffrey Caso, and Andreas Schwarz, “COVID-19 crisis shifts cybersecurity priorities and budgets,” McKinsey & Company, July 21, 2020.