A few weeks ago I was invited to speak with the Nominet Policy Advisory Board on the impact Phishing has on small business in the UK.
Essentially, Nominet are trying to decide just how involved they should be when it comes to managing Phishing. For those of you who don’t know what Phishing is: at its most basic level, Phishing occurs when you receive an e-mail that seems as though it is from a reputable source, usually a financial institution of some kind. This e-mail usually leads you to a website which also looks reputable and asks you for your personal details such as credit card number, bank account number, inside leg measurement – you get the idea. Crooks then use this information in an attempt to gain access to your hard-earned cash using fraudulent techniques. More information can be located on the Phishing Wikipedia entry.
The Nominet Policy Advisory Board is made up of a number of people either elected or appointed. These people come from all walks of life and involve themselves in I.T. at various levels from directors of companies through to hardcore geeks (like me).
At first I was under the impression it would be a standard meeting where I would get to speak if I felt I had something to say (which is usually the case if I’m honest). Alas, it was not to be so simple and it turned out beforehand that I was to give a 15 minute presentation on Phishing and small business. So with no time to spare a survey was sent via e-mail to all 200,000 members of the FSB in an attempt to get some real life statistics. Fortunately our members were feeling talkative and we received over 5000 responses, the second largest number of responses to ANY survey undertaken by the FSB. This gave me the most up-to-date and accurate data on Phishing and small businesses, so I turned up to the meeting feeling like I could inject some serious facts into the debate.
The stats that I presented were interesting to say the least, with over 70% of business owners stating that they had an understanding of what Phishing is, and of those a massive 96.5% knew that it was a threat. That was just the start; we then discovered that 12.2% have been the subject of a Phishing attack. That’s 1 in 10 people! Scary. More worrying still is the fact that over half of those 1 in 10 people believe that they could be the subject of a similar attack. This leads me to believe that the first e-mail was so sophisticated they really don’t feel like they could spot a similar e-mail. Additionally, it also tells me that more education is needed: fool me once, shame on you; fool me twice, etc. etc.
More statistics can be found on the Phishing PowerPoint presentation I used at the meeting.
The outcome of the presentation was very positive. The board felt that there was not enough co-ordination amongst the organisations who can help to reduce these attacks, such as ISPs and financial institutions. The next step is for the Executive to formulate policy proposals for the board to consider, so it seems we’ve made a positive impact!
For those of you interested in the details of the meeting I’ve linked to the minutes.
