The biggest risk stemming from phishing attacks for most enterprises is system compromise ultimately resulting in financial or data loss (or even ransomware). As such the primary defense mechanism must be a strong form of multi-factor authentication (MFA) and authentication standards such as Fast Identity Online v2 (FIDO2) or Web Authentication (WebAuthn).