As phishing volumes increase, experts pin hope on AI and trained employees as a last line of defense, CIOSEA News, ETCIO SEA



When it comes to cyberdefense, knowing what you are fighting is critical. And if the latest stats from Vade, a global leader in threat detection and response, are to be believed, phishing continues to be on the rise as hackers try to exploit organisations. As per Vade’s Q3 2022 Phishing and Malware Report, overall phishing volumes saw a more than 31% increase QoQ, after finishing Q2 with one of the most active months in 2022. Meanwhile, malware volumes tapered off from the blistering totals set in H1 2022, but they still more than doubled the levels reached in Q3 2021.


Phishers made a strong showing in Q3, sending 203.9 million emails compared to 155.3 million the previous quarter.


Phishing volumes, Q3 2022

Further, hackers appear committed to using one of their most reliable strategies: impersonating trusted and established brands. Q3’s phishing results saw Facebook emerge as the top impersonated brand for the second consecutive quarter, followed by Google, MTB, PayPal, and Microsoft to round out the top five.


And it’s no surprise that email remains the top vector for phishing and malware attacks.


Email is the preferred attack vector for phishing and malware, giving hackers a direct channel to the weakest link in an organisation’s attack surface: users.

This makes it critical for organisations to transform email from a weakness in their attack surface to a strength. What measures can organisations deploy in this direction? We spoke to security specialists to understand how organisations can tackle this upsurge in phishing and ready their employees to deal with this.

Here’s what they had to say.

One layer of defense should be the implementation of Multi-Factor Authentication (MFA)


It should come as no surprise to any organisation that phishing attempts are significantly up. What may be a surprise, however, is how much harder phishing emails are for users to recognise, shared Nathan Wenzler, Chief Security Strategist, Tenable.


Attackers are honing their skills in crafting phishing emails that look incredibly real, with fewer obvious spelling errors and website references that look correct, and they even seed the emails with personalised, targeted data that they’ve acquired from previous data breaches. All in all, users are more susceptible now to phishing attempts than ever before, which means organisations must take stronger measures to protect their environments.

As per Nathan, one layer of defense should be the implementation of Multi-Factor Authentication (MFA) for any access to critical data and applications in your environment. This helps ensure that even if a user’s laptop or workstation is compromised by a phishing attempt, the attacker will have a much harder time accessing the most valuable data on your network.

Awareness training is still one of the most effective ways to combat phishing

On the user level, awareness training is still one of the most effective ways to combat phishing: it shows employees how to identify malicious URLs and attachments that may not be what they seem, added Nathan. Training should simulate real-life scenarios and examples, and highlight how much more sophisticated the emails are getting. Organisations should regularly quiz employees and run internal drills, with feedback for those who failed, to gauge overall susceptibility and improvement over time.

When it comes to building employee readiness to deal with phishing, Mark Lukie, Director of Solution Architects – APAC Region, Barracuda also believes that trained employees can act as a last line of defense against phishing and malware attacks in any enterprise. So, organisations must focus on training their staffers to help them recognise attacks, understand their fraudulent nature, and know how to report them. They can use phishing simulation for emails, voicemail, and SMS to train users to identify cyberattacks, test the effectiveness of their training, and evaluate the users most vulnerable to attacks.


Proper guidelines must be created that put procedures in place to help employees avoid making costly mistakes by confirming requests that come in by email, including making wire transfers and buying gift cards. Data loss can be prevented by using the right combination of technologies and business policies to ensure emails with confidential, personally identifiable, and other sensitive information are blocked and never leave the company.

AI to the rescue

Amid the increasing threats from targeted phishing attacks, organisations can protect their business and users by investing in technology to block attacks. Since scammers are adapting email tactics to bypass gateways and spam filters, it is critical to have an AI-powered solution that detects and protects against advanced spear-phishing attacks, including business email compromise, impersonation, and extortion attacks, shared Mark.

Mark added that organisations can deploy purpose-built technology that doesn’t solely rely on looking for malicious links or attachments but also analyses normal communication patterns to spot anomalies that may indicate an attack. Meanwhile, having multi-factor authentication in place will provide them with an additional layer of security above and beyond username and password. And it is important to improve employees’ security awareness and ensure they can recognise the latest attacks and know how to report them to IT.

Patch systems with common, exploitable vulnerabilities favoured by criminals

There’s no doubt that security awareness training will help educate users and provide them with the knowledge required to thwart phishing messages, reminding them to remain vigilant and exercise caution in handling any email, attachment, hyperlink or social media pleas. However, Nathan believes that awareness training alone is not enough. Security teams should also identify and patch systems with common, exploitable vulnerabilities favoured by criminals – such as those listed by CISA, along with any other vulnerabilities which are actively being targeted by criminal and nation-state actors, which will make it harder for the attacks to be successful.
