Hackers Are Using Phishing Attacks More and More

Phishing attacks have been growing in number and sophistication over recent years. A staggering 76% of businesses have reported that they experienced a phishing attack in 2017.

Employee cybersecurity training alone is not enough to keep up with these attacks. Stronger safeguards like professional-grade firewalls are required to stay safe in today’s cyber landscape.

Phishing Attacks Are Getting More Sophisticated

Phishing attacks have grown in sophistication. One tactic is domain spoofing: using a domain name that can be easily confused with a legitimate site to trick users into trusting its (malicious) contents. Even SSL has been used in hosting cleverly disguised phishing websites to lure victims.

Spear Phishing Attacks Are Also Increasing

Spear phishing, a phishing attack that targets a specific individual, is getting stealthier as well as more prolific. It has become one of the more common methods hackers use to glean sensitive information that cybercriminals can leverage to steal money from businesses. In 2018, 71% of all target attacks started with spear phishing.

Why Phishing Attacks Are Dangerous

These attacks have grown more frequent and have been costing companies millions in damages. Aerospace engine component manufacturer FACC lost $55 million from a spear phishing attack. The loss of data results in staggering financial losses that can be difficult to recover from, particularly for smaller organizations who risk ceasing operations completely.

On top of losing data and money, companies that experience phishing attacks also suffer from damaged reputations. Over 90% of espionage attacks use phishing as the weapon of choice. Staying protected from these evolving threats is critical for businesses of any size.

SMBs Are Especially Vulnerable to Phishing Attacks

Small businesses are especially vulnerable to phishing attacks and typically don’t have the IT resources and expertise needed to guard themselves these attacks proactively. In 2018, 58% of malware attack victims were categorized as small businesses. With 92% of malware delivered by email, it is crucial SMBs take proactive steps to protect their businesses and train employees.

What You Can Do to Protect Your Business and Users

Security solutions and training help reduce the chances of phishing attacks being successful. Employees should be taught to exercise caution when clicking on links. Being able to identify suspicious links is one of the first lines of defense.

Software updates are also important and help keep devices safe from cyberattacks. Additionally, mobile devices and network guests should be separated. There are anti-spam and anti-virus filters included in some next-generation firewalls that can be great tools to protect your business.

Untangle Can Help

Handling cybersecurity concerns like phishing attacks take time and energy away from businesses, but Untangle is here to help. Contact us to learn more about what we can do to protect your business from phishing and other cyberthreats.

A big reason is the transformation in the modern workplace. In the past, IT departments had strict control over gateways, firewalls, and networks. With the advent of bring-your-own-device (BYOD) and 24/7 access to company networks, the perimeters are blurred. Employees are becoming the biggest vulnerability in the infrastructure.

According to a recent report, 87% of companies rely on the use of personal employee devices or BYODs. At the same time, human error is the top contributor to security breaches. The combination of the use of personal devices and the probability of human error increases security risks. Employees falling for phishing, ransomware, and malicious click-bait websites amplify the risk to the whole organization––and the consequences can be dire.

Protecting Your Organization’s Network Infrastructure

The influx of personal devices in the workplace means that IT departments can’t guarantee total control. So the only solution is to create systems and processes to manage the chaos. Here are some practical steps every organization can take:

Train Employees on Cybersecurity Best Practices

The first line of defense is your employees, so proper education is key. Every company should have a training program to teach employees about security. Training can help employees in the following ways:

• Practice proper password etiquette. Employees should understand the importance of creating complex passwords and changing them regularly. Also, sometimes they don’t realize the repercussions of simple decisions. Writing down a password on a sticky note is a security risk. Sharing passwords with coworkers or others is a security risk. Teaching employees about avoiding these high-risk behaviors can improve an organization’s safety.

• Avoid phishing scams and suspicious emails. Phishing scams and malware are getting sophisticated. Employees can get emails from scammers that look like they originate from legitimate financial institutions, government entities or even from their superiors at work. When employees are taught to recognize these scams, the probability of successful attacks diminishes.

• Learn through test runs. Companies can use practice runs and “live fire” training exercises to orchestrate real-life cyber attack scenarios. Organizations can run these tests for phishing and ransomware attacks, collect data and use postmortem techniques to further solidify preventive measures.

• Create good security habits. Regular training and discussions can help employees stay ahead of the latest hacking and cybersecurity threats by keeping safety top-of-mind. Continuous learning is the only way to protect against possible future attacks, so organizations should promote these good habits.

Create BYOD Policies

Use of private devices in the workplace has become the norm. Companies can’t stop the change. So the practical solution is to create usable BYOD policies. IT departments need to implement systems that will enable employees to easily register their devices. The policies need to be convenient so they don’t create hurdles to productivity. If nobody abides by the policies, the whole endeavor will be counterproductive. On the other hand, the rules need to be comprehensive enough to cover a wide range of use cases. The systems need to strike a delicate balance between usability and security. Companies can require all mobile devices to connect to a separate network, rather than the internal network that houses private and sensitive information. This will mitigate any issues that may arise if a mobile device contains malware and eliminate the spreading across the entire organization.

Create Acceptable Use Policies

Even though modern organizations try to be as flexible as possible, the line has to be drawn somewhere. Companies should assess their threat levels, discuss the issues with their employees, and set up acceptable use policies. These policies will differ widely between organizations. A bank or financial institution might have totally different requirements than a company that builds with mobile games. Each organization has to come to terms with what the acceptable use policies are within the scope of its business expectations.

Help the Organization Move Forward

It’s the responsibility of the organization’s leadership to find solutions that will make it easier for everyone to secure the infrastructure of the company. Untangle offers solutions to help organizations identify and manage insider threats, as well as BYOD and open Wi-Fi solutions that can simplify security policy implementations. To learn more, contact us today.

References:
Link 1, Link 2, Link 3, Link 4, Link 5