INTELLIGENT BRANDS // Enterprise Security
Something ‘phishy’: how to identify and avoid phishing scams
Harish Chib, Vice President, Middle East and Africa, Sophos
Harish Chib, Vice President, Middle East and Africa, Sophos, outlines some tips for businesses and organisations to protect themselves against the current phishing trends.

Phishing is one of the most common attack vectors for hackers, who exploit end-user behaviour as the weakest link in an organisation’s cyberdefence. For years, criminals have disguised attacks in emails, and today we see phishing emails as a primary delivery method for ransomware payloads. Phishing emails have led to massive data exposures, which have caused major reputational and financial damage in the private and public sectors over the last few years.

As cybercriminals continue to prey on employees through their technology, they are always taking measures to be one step ahead. In an organisation, all it takes is one employee to take the bait.

Today’s phishing attacks are prevalent and convincing across organisations. What started off as simply ‘phishing’ has now developed into three branches of attack: the classics, mass phishing and spear phishing, and the recently emerging business email compromise (BEC) tactic, which acts as a subset of spear phishing.

Phishing attack prevention:

Stop threats at the door
The best defence against phishing emails is your email gateway. Email protection is your watch guard, blocking 99% of unwanted email at the gateway, including malicious attachments, content and URLs – long before an end-user ever sees them.

Web filtering is another must-have as a front-line defence, filtering and blocking infected URLs should your users click an email link. And file sandboxing ensures those nasty malware-laden downloads get removed from the threat chain early on.

Protect your weakest link – users
Even with the best upfront filters, attacker methods such as BEC – with no executables or links to detect – may still get through. Appropriate training and education are critical for ensuring that all your employees know how to spot and deal with these types of email messages.

Secure your last line of defence
If your click-happy end users inadvertently unleash potent, powerful malware onto your systems, there’s still ample opportunity to stop the damage – and even reverse its effects. Next-generation exploit prevention solutions will identify, analyse and neutralise the effects of even the most advanced, unseen malware out there and automatically clean up all traces of infection so you can get on with your day.

Know your business
Make sure your company processes are
understood, that you encourage employees
to question requests that seem out of
character from other employees and senior
managers and, perhaps most important of all,
ensure you have a two-stage approval process
for all significant fund transfer requests. All
the defences in the world aren’t going to stop
an employee from unknowingly sending large
payments to a thief without some proper
checks and balances in place.
Phishing is a problem that will not go
away. But you can be more cautious and
train yourself to look for giveaways that
will tell you if you have visited a phishing
website. Cybercriminals will continue to
take advantage of opportunities as long as
they are getting their money. The fight is
challenging but it’s something we can win.