EDITOR ’ S QUESTION
Phishing has become a favored tactic for cybercriminals because it delivers results . By crafting emails so they appear to have come from a legitimate source , recipients can be tricked into opening attachments or clicking on links that result in systems becoming compromised . Indeed , The State of Cyber-resilience in Australia 2022 report revealed that 60 % of employees assume links in emails are safe to click on if the message came through the corporate email system , and 22 % download and install unapproved software on to devices used for work .
Recent global analysis by Barracuda of millions of business emails served to shine a spotlight on the problem . The research found that 51 % of social engineering attacks are phishing attacks and small businesses are far more likely to fall victim than larger enterprises .
Thankfully , there are a range of initiatives that organizations can undertake to reduce the likelihood they will fall victim to a phishing attack . The initiatives fall into two distinct categories : technology and human .
There are a range of ways technology can be used to thwart attacks and they include :
• Deploying AI-powered email protection : When it comes to technology , one of the most effective ways to use it against phishing attacks is to deploy some of the sophisticated Artificial Intelligence tools now on the market . These tools help to combat the fact that cybercriminals are adapting their tactics to bypass gateways and spam filters such as account takeover or business email compromise ( BEC ).
• Monitoring suspicious logins : Tools can be used to identify suspicious network activity such as logins from unusual locations and IP addresses as this can be a sign of a compromised account . It ’ s important to also monitor email accounts for malicious inbox rules , as these are often used as part of account takeovers .
• Making use of MFA : Multi-factor authentication ( MFA ) provides an additional layer of security beyond simple username / password combinations . Additional factors can include authentication codes , thumb prints and retinal scans .
• Automating incident response : An automated incident response solution will help an organization quickly clean up any threats found in user inboxes which , in turn , will make remediation more efficient for all messages in the future .
There are also a range of ‘ human ’ initiatives that can help with the problem . They include :
• Conducting regular training : Staff must be trained to recognize and report phishing and spear-phishing attacks . They need to understand their fraudulent nature and know how to respond . A phishing simulation can help train users to identify cyberattacks and evaluate the users most vulnerable to attacks .
• Reviewing internal policies : It ’ s also important to help employees avoid making costly mistakes by putting procedures in place that determine how all incoming email-based requests are handled .
• Ensuring data-loss prevention : Put in place the right technologies and business policies to ensure emails with sensitive information are blocked and never leave the organization .
By following these initiatives , an organization can significantly reduce the likelihood it will experience disruption and losses as the result of a successful phishing attack . p
MARK LUKIE , DIRECTOR OF SOLUTION ARCHITECTS – APAC ,
www . intelligentcio . com INTELLIGENTCIO APAC 35