EXECUTIVE SUMMARY:

In the past year, nearly three quarters of businesses have suffered a data breach that originated with a phishing attack. Over 3.4 billion phishing emails are sent every day worldwide, adding up to roughly one trillion phishing emails distributed annually.

One reason phishing is so effective is its versatility: campaigns can be crafted in many different ways, and a fresh look can easily dupe the people being targeted.

Why is phishing successful?

Phishing typically succeeds for several reasons: as noted above, campaigns change continually, phishing awareness is often low, and both people and organizations commonly lack the technologies needed to disrupt phishing attempts.

According to a Verizon report, 4% of targets will fall for the scam in an average phishing campaign. Although that number may sound small, 85% of organizations report that employees have divulged information to phishers or social engineers. This kind of user behavior can result in real harm to your enterprise, which is why phishing awareness is critical.

Phishing prevention best practices

Basic email spam filters are a good place to start, but you need to go beyond them.

  • Email security solutions. Consider strong anti-phishing technologies, especially low-maintenance tools that update themselves automatically. Seek out email security solutions that can detect malicious content, apply language-processing techniques, and offer click-through (link) analysis.
  • Monitor systems for data leaks. When information leaks from your systems and is found by hackers, the threat actors may weaponize it against individual employees or the organization at large. A data loss prevention (DLP) strategy and solution should be considered. Features to look for include automated data classification, multi-vector flow tracking, and user behavior analytics.
  • Implement strong endpoint security. Endpoint solutions can quickly spot and remediate malware infections that network-level email defenses fail to detect.
  • Implement strong user authentication. Consider a comprehensive password policy that prevents the use of weak or recycled passwords, and apply two-factor authentication to accounts wherever possible. Attackers who phish credentials are interested in logging into your organization's accounts to steal information; depending on the account type, that information may be sold on the dark web or used to plan further social engineering campaigns.
  • Provide employee education around phishing. Review what phishing looks like and how to report it to the proper personnel. Employees who are tired or stressed are unusually likely to fall for phishing scams, and it pays to make them aware of this.

Cyber Talk’s executive-level phishing resources

Phishing is a threat that must be taken seriously, especially as the cyber threat landscape continues to expand. Here is where you can find more information to ensure that your phishing questions are answered.

  • Wondering whether firewalls can detect phishing? Heard about those spontaneously disappearing phishing emails? Can you report phishing as an illegal activity? Get answers to those phishing questions and more in our phishing FAQ.
  • Are you a financial industry executive? Discover the phishing campaigns that hackers have devised to undermine your industry in our resources for financial industry executives.
  • History buff? Find out why phishing is still one of the most common means of entry for hackers in our phishing history article.
  • Could this never-before-seen phishing attack curtail your business endeavors? Why is this trending attack type such a threat? Read this article to find out.
  • Check out the whitepaper titled Humans are Your Weakest Link to learn how phishing can put your organization under water, and how to navigate around the roadblocks.

For additional phishing awareness information and phishing prevention best practices, check out this article and video. Lastly, to get cutting-edge insights, analysis and resources in your inbox each week, sign up for the Cyber Talk newsletter.