Today’s cyber security landscape continues to reveal new and unfortunate malicious agents that threaten reputations and cause compromises globally.
This growing socio-technical problem is driven by attackers who are well resourced, well funded, and who understand the weakest link of any cyber security strategy: human error. It makes sense, then, that our daily mode of communication, email, is far from immune to online attack, in the form of what is known as ‘phishing’.
What is Phishing?
Phishing is a social engineering activity that tricks users into giving out sensitive information to cyber criminals via email. It is an elaborate method of preying digitally on people’s emotions: greed, curiosity, or fear. They will be pushy or make threats or promises so you will respond immediately without thinking.
What are the consequences of Phishing?
- 91% of cyber attacks start with a phishing email (according to PhishMe)
- There has been a 136% increase in identified global exposed losses relating to email account compromise scams between December 2016 and May 2018 (according to Internet Crime Complaint Center (IC3))
- Cybercrime may now cost the world almost $600 billion, or 0.8% of global GDP, according to McAfee
Why do we fall for Phishing?
Today’s phishing campaign has evolved from the wildly obvious malware links and suspect sender addresses.
Phishing emails are now more commonly personalised, researched and targeted at the individual, with contextual awareness of names, colleagues’ names, routines (month-end invoicing etc.), role within the organisation, and personal interests.
Double barrel emails use multiple emails as a lure to build a credibility email chain before sending the hook, the link that will compromise your data by opening the floodgates to whatever fresh hell awaits in the incoming malware.
And, while careless spelling and wrong names were once crucial red flags, today’s phishing emails are carefully written with appropriate grammar, and many now adopt a relaxed writing style consistent with the imitated sender.
In fact, AI will soon automatically determine a sender’s writing style and slang and replay them.
Mitigating security attacks starts by building controls around people, process and technology.
Phishing targets your people, which means user awareness training is essential, along with a mix of process controls and technology solutions. Here are a few places to start building your defence against phishing:
- Email signing certificates from trusted certificate authorities
- Trusted SPAM/Phishing email prevention software
- Kill chain controls: URL Filtering, C2 detection, malware detection
- Multi-factor authentication may help but is not always a guarantee; location awareness is important
- User Awareness Training
It will always come down to the weakest link in your line of defence: human error. So, on top of user awareness training, ensure your users change their perspective on emails and:
- Always verify – think before you click
- Never download strange/unsolicited attachments
- Update software frequently
- Use caution while surfing the web and checking your inbox
- Keep your emotions in check
- Report immediately to IT if you think you’ve taken the bait
Finding the right security strategy for your business
Designing the right security strategy for your business is a complex process. Our Security Experts have the experience and technical expertise required to provide you with 360° visibility of your environment.
Find out more about our full range of managed 24/7 cyber security services or get in touch for a free consultation.