EDITOR ’ S QUESTION
WHAT CAN BE DONE TO FIGHT BACK AGAINST INCREASINGLY SOPHISTICATED PHISHING TECHNIQUES ( PART 2 )?
When phishing attacks first garnered attention , they were much easier to spot than they are nowadays . When they first emerged they tended to be riddled with spelling mistakes and grammatical errors .
With an improvement in presentation , they have become practically impossible to distinguish from legitimate emails especially for those with a mountain of messages to wade through on a daily basis .
Small wonder then that there has been an increase in Spear Phishing . Cybercriminals know C-Level executives are more likely to be in a position where they can circumvent a company ’ s cybersecurity arrangements and are most likely to be the busiest people in a company so therefore are liable to be less thorough when assessing the safety of the emails sent to them .
Cybercriminals regularly modify and revise their tactics to out-pace mitigation efforts and stay ahead of the game .
One of the most important things to remember is that phishing attacks don ’ t only occur via email . Growing in popularity is phishing via SMS , known as smishing , which is proving successful as a means for criminals to lure victims into clicking on dangerous links .
There is hope though and perhaps the most important element in mounting a defense against phishing attacks is education . Organizations should educate employees on the signs of a phishing attack and work to explain what precautions can be taken .
Providing real-life examples is useful as is delivering up-to-date information to ensure a thorough understanding of the threat landscape .
The entire cyber landscape is changing at an unparalleled rate . We ’ ve seen this across every element of cybercrime , and phishing is no different .
Employees need to learn not to trust unusual requests even if an email appears to come from a trusted source .
The entire cyber landscape is changing at an unparalleled rate . We ’ ve seen this across every element of cybercrime , and phishing is no different .
The fact they appear to have come from a dependable source is meant to increase the success rate of the cybercriminal but any requests that appear to be out of the ordinary should be treated with extra caution .
Employees should always keep an eye out for requests that seem out of the ordinary or arrive at odd times of the day or night . If in doubt , the best advice is to contact the apparent sender by phone or via a video call .
32 INTELLIGENTCIO APAC www . intelligentcio . com