Phishing and Security Awareness, Cybersecurity Tips & Best Practices
Speed Is A Strategy, Not A Setting: How Mid-Market IT Should Move
July 08, 2026
Read NowOver the last few years, phishing attacks have continued to rise as attackers refine strategies, execute successful programs, and make money. Attackers are taking advantage of end users to steal credentials or get them to click on malicious links. In fact, with 66% percent of malware now installed via malicious email attachments, most cyberattacks resulting data breaches now begin with a phishing email message.
Attackers persistently target organizations with spam, phishing, and advanced socially engineered attacks (using deception to trick users into divulging personal information). End users are an easy target and are the weakest link in your security defense. In this blog, I’ll delve into phishing attacks, why they work, and what your risks are. I’ll discuss the importance of protective controls, a comprehensive security awareness program, and some best practices to reduce the phishing risks.
Phishing exploits were once associated with poorly constructed emails from Nigerian Princes. Today, attackers have improved their techniques significantly and these phishing emails are getting much more difficult to spot. Phishing uses malicious emails that attempt to bait a user into performing an action such as:
Sadly, phishing attacks are happening more frequently. Across Ascend’s client base, we see daily phishing attacks. Attackers are targeting specific individuals and groups within organizations including senior leadership, accounting, and human resources. In the phishing campaigns we perform for our clients, 40% percent of emails are opened, 25% of links are click, and 7% of users enter their credentials or open malicious attachments. The numbers do improve during subsequent tests but keeping end users educated is critical.
They work! Attackers are interested in money. Phishing is a big business in and of itself, and the scope and scale of phishing attacks have increased significantly in recent years. Advanced phishing attacks are costing businesses an average of $140,000 per incident. Attackers extort money from your organization using ransomware or social engineering, or they’ll steal data and credentials that can be sold via dark web markets. And as the phishing threat landscape evolves, so do the attackers.
Phishing emails lead to data harvesting or the execution of malicious code on the victim’s workstation, which can have wide spread effects on an organization. After a successfully phishing attempt is made, the attacker usually tries to capitalize by attempting to transfer funds or steal confidential information. The following are the most common exploits of a successful phishing campaign.
Phishing emails are always changing, and unfortunately, no single product or technology will fully protect your business from a targeted phishing attack. However, a multi-layered approach of combining security technologies and educating employees is a good way to start to reduce risk. Below are a few successful approaches we have seen work for our clients:
Phishing attacks are real and will eventually hit someone in your organization. Make sure your organization encourages your employees to question requests that seem out of character from other employees, customers, and mostly importantly, senior leadership. End users will continue to be the easiest target for attackers in most organizations but establishing preventive controls and training employees can go a long way to prevent these attacks.
Even after investments to ensure a strong security posture, something will fall through the cracks. You should have a process for two-stage approval for all significant fund transfer requests. The process could be as simple as calling the other party to validate the transaction, but something that requires an additional authorization is critical.
The best defenses still may not stop an employee from unknowingly compromising your organizations intellectual and financial security. A strong security program with employee training regarding phishing helps put checks and balances in place.
By Mike Manske
Phishing and Security Awareness, Cybersecurity Tips & Best Practices
July 08, 2026
Read Now
Phishing and Security Awareness, Cybersecurity Tips & Best Practices
July 07, 2026
Read Now
Phishing and Security Awareness, Cybersecurity Tips & Best Practices
June 30, 2026
Read Now©2026 Ascend Technologies, LLC, All Rights Reserved | Privacy