It’s getting crazy out there in the world of cybersecurity. If the past year was any indication, 2017 will be a busy one for IT managers and security experts. We want to make it easier for you by sharing trends we are watching and proposing solutions to these threats. In this instalment, we will address phishing solutions.
What is Phishing?
Phishing is the most popular socially engineered threat, preying on human error. Such an attack occurs when hackers conceal malware in fraudulent electronic communications from a recognized or trusted source. Alternately, they use said counterfeit communications to gather sensitive information or request financial wire transfers.
Per the ‘phishing’ name, unsuspecting targets find themselves getting hooked with clever copy and design, leading to the click of an embedded link or download, and reeled in and gutted with the subsequent data breach or infection. While the most common channel for phishing is email, hackers are now employing everything from fraudulent text messages to staged social media accounts.
Phishing will get more targeted in 2017. Such attacks are known as spear phishing, with an especially focused variety referred to as whaling, CEO fraud or Business Email Compromise (BEC). Hackers extensively research a victim and tailor near-perfect fraudulent communications to them. In short, phishing in 2017 will move towards quality over quantity.
In 2016, whaling (BEC) increased by 1,300 percent and cost U.S. companies over $3 billion in the first half of the year alone. In addition, 91 percent of cyber attacks started with a phishing email, according to PhishMe. This will likely continue in 2017.
Phishing websites buried in benign domains will continue to be a trend in 2017. More than 400,000 such sites appeared each month in 2016 to steal user data and passwords.
Spear phishing increased by 55 percent in 2016. This trend is expected to continue in 2017 as hackers focus on high-return targets to circumvent evolving cyber security systems that are detecting and blocking mass attacks more rapidly.
Phishing Solutions and Prevention
So how do you prevent phishing? While the human factor in cybersecurity will likely remain the biggest threat, there are a few phishing solutions and methods of prevention that can lower the risk of a costly breach.
1. User Education
You need to train your users to read emails critically, especially if there’s a monetary call-to-action. Depending on the value, such requests should always be countered with a human verification like a phone call.
2. Email Filters
Get an effective spam filter that blocks phishing attacks. New attempts often have a pattern where the email is from a local domain to a local domain, but with a non-local reply address. You need a filter that blocks these types of emails.
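The pattern described above (local sender, local recipient, non-local reply address) can be checked directly from message headers. The following is an added example, not code from this article or from any filtering product; the local domain `example.com`, the function names and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumption: the organisation's own mail domains (constructed value).
LOCAL_DOMAINS = {"example.com"}


def _domains(msg, *headers):
    """Return the lower-cased domains of every address in the named headers."""
    values = [v for h in headers for v in msg.get_all(h, [])]
    return {addr.rsplit("@", 1)[1].lower()
            for _, addr in getaddresses(values) if "@" in addr}


def local_to_local_with_external_reply(raw, local_domains=LOCAL_DOMAINS):
    """True when From is local, a recipient is local, and Reply-To is not."""
    msg = message_from_string(raw)
    senders = _domains(msg, "From")
    recipients = _domains(msg, "To", "Cc")
    reply_to = _domains(msg, "Reply-To")
    if not senders or not recipients or not reply_to:
        return False  # no Reply-To (or unparsable headers): pattern absent
    local = {d.lower() for d in local_domains}
    looks_internal = senders <= local and bool(recipients & local)
    return looks_internal and not (reply_to <= local)


# Constructed sample messages (not real traffic).
SPOOFED = (
    "From: CEO <ceo@example.com>\n"
    "To: accounts@example.com\n"
    "Reply-To: ceo@examp1e-mail.test\n"
    "Subject: Urgent wire transfer\n\nPlease pay today.\n"
)
INTERNAL = (
    "From: hr@example.com\n"
    "To: staff@example.com\n"
    "Reply-To: hr@example.com\n"
    "Subject: Holiday schedule\n\nSee attached.\n"
)

if __name__ == "__main__":
    for name, raw in (("SPOOFED", SPOOFED), ("INTERNAL", INTERNAL)):
        verdict = "quarantine" if local_to_local_with_external_reply(raw) else "deliver"
        print(name, verdict)
```

A check like this only inspects header fields, so it is best used as one scoring signal alongside sender authentication results rather than as a standalone block rule.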
3. Advanced Threat Protection
High-end email filters include extra filtering functionality categorized as Advanced Threat Protection. This is a catchall for new threats including the varied, evolving forms phishing attacks can take. Advanced Threat Protection will also appear under the banner of ‘next generation’. These systems go beyond signature-based detection and blocking, and into behaviour analysis and infection detection.
4. Check Your Checks
Update your financial processes to include more checks and verification. Let’s face it: a simple email from someone should simply not be adequate to release a large amount of funds to an account.
5. Data Loss Protection (DLP)
Ideally, you should have a proper DLP solution with rules that monitor emails concerning financial transactions, especially one using proper email DLP modules.
6. Two Factor Authentication (2FA)
Enable 2FA or multi-factor authentication (MFA) on all your email accounts, and ensure your users do the same.
That’s a good start. Using the right tools, with a healthy amount of education and employee training, is the key to building a strong phishing prevention program. There is no one phishing solution to prevent all threats, but with layers your chances of being phished are greatly diminished.
If you’d like to read more about cybersecurity trends and solutions, you can download our white paper Cybersecurity Trends and Solutions for 2017, which covers phishing solutions and 13 other trends and solutions to stay on top of.