23 experts discuss the most common phishing attacks that businesses face and how you can protect against them.
According to Verizon’s 2019 Data Breach Investigations Report, social engineering attacks remain a prominent threat for businesses of all sizes. In fact, 32% of breaches involved phishing, an attack method that has been around for many years yet continues to evolve. As individuals and businesses become more aware, attackers develop increasingly sophisticated methods to trick users into handing over sensitive information. Still, many traditional phishing approaches continue to work, exploiting the weakest link in the cybersecurity chain – humans – to gain unauthorized access to systems.
Unfortunately, the weakest link when it comes to phishing and other cybersecurity threats is one that can’t be eliminated, because your business relies on its people to survive. But that doesn’t mean you can’t minimize the weakness. The best defense against phishing attacks and other social engineering attacks is to strengthen your weakest link through comprehensive employee cybersecurity awareness training.
To effectively train your employees on cyber awareness and cyber hygiene best practices, it’s crucial for businesses to understand the threats they’re up against. To help you understand today’s phishing landscape and the various methods attackers use to exploit the weakest link, we reached out to a panel of cybersecurity experts and business leaders and asked them to answer this question:
“What are the most common phishing attacks and how can businesses protect against them?”
Vestige’s own Greg Kelley contributes to this article:
Greg Kelley, BS, ENCE, DFCP, is the Chief Technology Officer at Vestige Digital Investigations.
“The most common phishing attacks involve emails that mimic Office 365 logins or logins from other providers…”
The goal is to get a user to click on the link and provide their credentials. At that time, the perpetrator immediately uses those credentials to gain control of that mailbox and use it for fraudulent purposes such as accessing financial accounts or facilitating fraudulent payments.
There is no silver bullet to protect from this attack. Protection comes from multiple fronts.
First, educate users to spot these fraudulent emails. Part of that identification can be assisted by IT. Unique banners can be put on emails that truly come from Office 365 or another provider of yours. Teach users that if they don’t see that banner, they should report the email or delete it.
Second, do you have multi-factor authentication set up on your accounts? If not, why not? It may be inconvenient, but how inconvenient will it be to lose $100,000? Granted, there are phishing scams out there that look to circumvent 2FA, but if you utilize 2FA, you’ll stop the ones that don’t.
Third, review policies regarding changes in financial transactions or authorizations of large payments. Accepting just email notification for important financial decisions is no longer good enough.
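The banner idea above (mark mail that genuinely comes from your provider so users learn to distrust anything without the mark) can be implemented at the mail gateway. The following is an added example, not code from Vestige or from the original article: a small filter that prepends a banner only when the sender domain is one of the provider's domains and the receiving server recorded a DMARC pass, and that separately flags links whose host borrows Microsoft/Office branding but is not a genuine login host. The trusted domains, the legitimate login hosts, the brand tokens and the three sample messages are all assumptions constructed for illustration. Note the second sample: a lookalike domain can pass SPF, DKIM and DMARC for itself, so authentication alone proves only which domain sent the mail, not that it is the brand it imitates.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed provider domains for this tenant (illustrative values).
TRUSTED_SENDER_DOMAINS = {"microsoft.com", "microsoftonline.com"}
# Assumed hosts where a genuine Office 365 sign-in page may live.
LEGIT_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com", "portal.office.com"}
# Brand words that, in a non-Microsoft host, mark a lookalike (assumption).
BRAND_TOKENS = ("office", "microsoft", "o365", "365", "outlook")
BANNER = "[VERIFIED: authenticated message from your mail provider]"

URL_RE = re.compile(r"https?://[^\s<>\"']+")
# Picks "spf=pass", "dkim=fail", "dmarc=pass" out of Authentication-Results.
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.IGNORECASE)


def in_trusted_domain(host):
    """True if host is a trusted provider domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_SENDER_DOMAINS)


def sender_domain(msg):
    """Domain part of the From: address, lower-cased ('' if absent)."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def auth_results(msg):
    """Parse the Authentication-Results header written by the receiving MTA."""
    return {m.lower(): r.lower() for m, r in AUTH_RE.findall(msg.get("Authentication-Results", ""))}


def is_authenticated_provider_mail(msg):
    """Banner-worthy only if From is a trusted domain AND DMARC passed.
    A lookalike From domain fails the first test; a spoofed exact From
    address fails the second."""
    return in_trusted_domain(sender_domain(msg)) and auth_results(msg).get("dmarc") == "pass"


def body_text(msg):
    """Concatenate text/plain and text/html parts (walk() yields msg itself if not multipart)."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def lookalike_login_links(msg):
    """URLs whose host uses a brand token but is neither a genuine login
    host nor under a trusted domain, e.g. office365-secure-login.com."""
    found = []
    for url in URL_RE.findall(body_text(msg)):
        host = (urlparse(url).hostname or "").lower()
        if host in LEGIT_LOGIN_HOSTS or in_trusted_domain(host):
            continue
        if any(tok in host for tok in BRAND_TOKENS):
            found.append(url)
    return found


def classify(raw):
    """Return (verdict, subject, lookalike_links); the banner is prepended
    to the subject only for authenticated provider mail."""
    msg = message_from_string(raw)
    subject = msg.get("Subject", "")
    links = lookalike_login_links(msg)
    if is_authenticated_provider_mail(msg):
        return "trusted", f"{BANNER} {subject}", links
    if links:
        return "phish-suspect", subject, links
    return "external", subject, links


# Constructed sample messages (not real captures).
GENUINE = """From: Microsoft account team <account-security-noreply@accountprotection.microsoft.com>
Subject: Unusual sign-in activity
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=accountprotection.microsoft.com; dkim=pass header.d=accountprotection.microsoft.com; dmarc=pass header.from=accountprotection.microsoft.com
Content-Type: text/plain

Review the activity at https://account.microsoft.com/activity
"""

# Lookalike domain: passes DMARC for itself, so authentication alone is not enough.
PHISH = """From: Office 365 Support <support@office365-secure-login.com>
Subject: Your mailbox will be suspended
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=office365-secure-login.com; dkim=pass header.d=office365-secure-login.com; dmarc=pass header.from=office365-secure-login.com
Content-Type: text/plain

Sign in within 24 hours to keep your mailbox: https://office365-secure-login.com/owa/login
"""

# Exact From spoof: DMARC fails, so no banner is added.
SPOOF = """From: Microsoft <no-reply@microsoft.com>
Subject: Password expiry notice
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=microsoft.com; dkim=none; dmarc=fail header.from=microsoft.com
Content-Type: text/plain

Update your password here: http://198.51.100.7/login
"""

if __name__ == "__main__":
    for raw in (GENUINE, PHISH, SPOOF):
        print(classify(raw))
```

In production the banner would be added by the gateway (a transport rule or milter), and the Authentication-Results header must be the one written by your own receiving server, since an attacker can insert a forged copy upstream.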
To read the complete article
By Ellen Zhang