PHISHING INSIGHTS
As Phishing Evolves , So Does The Need For Prevention Strategies
BY MANOJ SRIVASTAVA , GENERAL MANAGER , ID AGENT / GRAPHUS
P
hishing is , and will continue to be , the cybercriminal ’ s favorite mode of attack . The reason is because it ’ s very simple to dupe even the smartest person with a cunning email designed to wreak havoc on an organization . Approximately 97 % of employees across multiple industries cannot recognize a sophisticated phishing email . It creates tremendous risk for companies and adds pressure on MSPs to keep them safe . Unfortunately , phishing is here to stay , and the bad guys are only getting better at it .
TYPES OF ATTACKS ON THE HORIZON
MSPs should be mindful that phishing attacks will continue to evolve in 2023 . They will need to budget accordingly and anticipate spending more funds on preventive measures than they did last year so they can protect their customers ’ infrastructure as well as their own . Here ’ s what to look out for .
Attacks will get more creative . Spoof emails will become more difficult to differentiate from authentic ones . Email users may see clever subject lines with messages such as “ changes to your health benefits ” or “ unusual login detected .” Other popular modes of attack could revolve around declined memberships , fake callsto-action about subscriptions , and billing and payments alerts .
Cybercriminals are also getting savvier with their use of deceptive links . Unsuspecting users may be misled to
click on links that then send them to malicious websites . And that ’ s not it . Methods using artificial intelligence ( AI ), such as cloning someone ’ s voice to get them to reveal sensitive information , will become more commonplace .
Clients in certain sectors may require more support . The top five sectors in which employees interact with phishing messages are consulting , apparel and accessories , education , technology , and conglomerates / multinationals . There are opportunities here for MSPs when it comes to offering security awareness training as well as the implementation of anti-phishing tools .
KEEPING CLIENTS SAFE
Phishing prevention requires a comprehensive strategy that incorporates AI , email security , and cybersecurity awareness training . The first line of defense is to invest in AI-based prevention tools that monitor and analyze email communications for behaviors such as the devices ’ external senders and employees , whom they message , what time of the day do they communicate , and where they communicate from . This information is used to generate profiles of trusted email senders , then compares incoming emails to these profiles to authenticate the sender and detect and prevent phishing attacks . AI-based monitoring software can even detect false login pages and recognize altered signatures via scanned images . Malicious emails are automatically quarantined so the end user never interacts with harmful messages .
20 | MSPSUCCESS . COM