Updated 05/09/15 with screenshot from @conradlongmore
A business is only as strong as the capabilities that protect it, not only in terms of strategy or governance but also in a theoretical capacity.
Ubiquiti had $46m siphoned out of its accounts by way of a phishing email. This was disclosed in its SEC filings, and it demonstrates the level of losses a business can face as a result of phishing.
I spend a lot of my time tracking phishing campaigns and the associated botnets that make money, real money, from the fraudulent transactions that occur as a result of phishing campaigns. Often, mail campaigns arrive in the tens of thousands to unsuspecting recipients, and that threat is growing greater.
- Do you have the ability to receive unsolicited emails from spammers? Does your hardware capacity planning include daily spam campaigns?
- Do you, as a spoofed sender, have the ability to take hundreds of disgruntled phone calls (see below from @Conradlongmore) and unparalleled traffic to your site from people wondering why 'you' are sending emails asking for payment, or whatever social engineering (SE) technique is being used to deliver the mails?
- Are your customers and employees familiar with the disclosure of losses and third-party information that may be disclosed as a result of one of your employees opening a phishing email?
- Can you cope financially with the fraudulent transactions that may occur as a result of these campaigns?
If you're unable to answer all of these questions with a firm 'Yes', I would show a great deal of concern in identifying the areas in which your business is exposed. If you have any capabilities for payment processing or receiving payments, then the risk of being phished is as great as ever.
$46m. Think about that figure and consider whether, in relative terms, you can afford that level of losses.