Cyberattacks using more sophisticated phishing, social engineering and other new hacker tools have been quick to exploit many businesses' newly extended infrastructure. Throughout the pandemic over 193.5 billion credential-stuffing attacks occurred globally, with a particular focus on the financial sector, which saw a 45% increase, with over 3.4 billion lost to malware and phishing attacks.
Phishing is on the rise
Microsoft’s 2021 Future of Work report shows that 80% of organisations experienced an increase in security threats in 2020, a trend expected to continue in 2021; of those organisations, 62% said phishing showed the most significant increase.
What is a Phishing attack?
Phishing is a cyberattack in which the attacker tricks multiple people into disclosing personal information, revealing login credentials, or transferring money. This type of attack can be broken down into four main areas:
- Spear phishing: A phishing attack targeting a specific individual.
- Whaling: A phishing attack targeting a company executive.
- Smishing: Phishing via SMS.
- Vishing: Voice phishing, via phone or VoIP software.
These attacks go far beyond the personal identity theft of unwitting victims, and the specific techniques vary by industry; however, 61% of all data breaches are the result of schemes that try to swipe login credentials. Many companies use email security systems which scan for suspicious links and remove attachments, but corporate email systems remain an easy route for hackers to gain unauthorised access to a computer network or server and launch a cyberattack. This year, 36% of successful corporate cyberattacks involved phishing, an increase of 11% over last year.
Hook, line and sinker
It is important to train staff to spot potential spear-phishing emails and delete them. The best policy is to proceed with caution and focus on prevention rather than remediation. It’s critical to complement staff education with technical solutions that prevent phishing and spear-phishing emails from ever arriving in your users’ inboxes. We have three quick wins to help you protect your business:
1) Security awareness training – Educating your workforce is key to combating information security breaches. Effective training helps employees understand proper cyber hygiene and new security risks, and helps your workforce identify cyberattacks arriving via email and the web.
2) Simulation exercises – Running simulated phishing campaigns against your organisation is key to evaluating your security setup and reassessing your workforce's understanding of cyberthreats. Various SaaS (Software as a Service) products allow you to run a test based on the threats most relevant to your business given its sector, size and so on. Good reporting and technical support are a must and are the cornerstones of preventing data and security breaches.
3) Security technology – To prevent phishing and social engineering attacks, you should look to invest in the following main security solutions:
– Spam filtering – Run on premise or cloud-based, providing up-to-date definitions, heuristic analysis and AI integration.
– DNS and URL filtering – Shield users from clicking on malicious links in email messages.
– Anti-malware and antivirus – Block users from running dangerous code on their machines.
– S/MIME digital email signatures – Allow you to digitally sign your emails to verify you as the legitimate sender of the message, making them an effective weapon against many of the phishing attacks out there.
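To make the spam-filtering and URL-filtering items above concrete, here is an added example (not code from the original post or from any product it mentions) of the kind of check such a filter performs on an incoming message: it walks every text/plain and text/html part of an email, extracts the links, and flags any link whose host is on a blocklist or whose visible link text shows a different domain than the real href (a common phishing trick). The blocklist, the sample message and the crude "registrable domain" helper are constructed for this example; a production filter would use a threat-intelligence or DNS-filtering feed and the public suffix list instead.

```python
"""Toy email link filter (added example, constructed data).

Flags links in an email whose host is on a blocklist, or whose visible
anchor text shows one domain while the href points at another."""
import re
from email import message_from_string
from email.message import Message
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed blocklist; in practice this comes from a DNS/URL filtering feed (assumption).
BLOCKED_HOSTS = {"login-verify.example.net", "secure-update.example.org"}

# Matches http(s) URLs up to the first whitespace or HTML/quote delimiter.
URL_RE = re.compile(r"""https?://[^\s<>"']+""")


class _LinkParser(HTMLParser):
    """Collects (href, visible_text) pairs from <a> tags in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def _registrable(host: str) -> str:
    """Crude last-two-labels approximation of the registrable domain (assumption:
    no public suffix list, so 'a.b.example.com' -> 'example.com')."""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def extract_links(msg: Message):
    """Return (href, visible_text) for every link in text/html and text/plain parts."""
    links = []
    for part in msg.walk():
        payload = part.get_payload(decode=True)  # None for multipart containers
        if payload is None:
            continue
        body = payload.decode(part.get_content_charset() or "utf-8", errors="replace")
        if part.get_content_type() == "text/html":
            parser = _LinkParser()
            parser.feed(body)
            links.extend(parser.links)
        elif part.get_content_type() == "text/plain":
            links.extend((url, url) for url in URL_RE.findall(body))
    return links


def check_links(msg: Message):
    """Return a list of (href, reason) findings; an empty list means nothing was flagged."""
    findings = []
    for href, text in extract_links(msg):
        host = _host(href)
        if host in BLOCKED_HOSTS:
            findings.append((href, "host on blocklist"))
        shown = URL_RE.search(text)  # does the visible text itself look like a URL?
        if shown and _registrable(_host(shown.group())) != _registrable(host):
            findings.append((href, f"visible link text {shown.group()} points to {host}"))
    return findings


def scan_raw(raw: str):
    """Parse a raw RFC 822 message and return its findings."""
    return check_links(message_from_string(raw))


# Constructed sample: a mailbox-quota lure with a blocked plain-text link and an
# HTML link whose visible text impersonates the company's own mail host.
SAMPLE_EMAIL = """\
From: "IT Support" <it@example.com>
To: user@example.com
Subject: Action required: verify your mailbox
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset=utf-8

Your mailbox is full. Visit https://secure-update.example.org/verify today.

--b1
Content-Type: text/html; charset=utf-8

<html><body>
<p>Your mailbox is full. Click <a href="https://login-verify.example.net/x">https://mail.example.com/verify</a> now.</p>
<p>Or read the <a href="https://example.com/policy">mailbox policy</a>.</p>
</body></html>

--b1--
"""

if __name__ == "__main__":
    for href, reason in scan_raw(SAMPLE_EMAIL):
        print(f"FLAG {href}: {reason}")
```

On the constructed sample the filter produces three findings: the plain-text link and the HTML href are both on the blocklist, and the HTML link is additionally flagged because its visible text names mail.example.com while the href goes to login-verify.example.net. The innocuous policy link is left alone. Keying the mismatch check on registrable domains rather than full hostnames avoids false positives on ordinary links whose text shows a bare domain and whose href adds a subdomain.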