To celebrate Cyber Security Awareness Month, CyberTalk.org is publishing dedicated blogs throughout October. Each week, we are sharing blogs that correspond to four key cyber security behaviors, as identified by The National Cyber Security Alliance. Today’s blog discusses the latest phishing facts, phishing prevention tips, phishing response best practices, and further phishing-related insights.
Phishing represents one of the oldest cyber crime tactics, and it’s still one of the most effective. Roughly one-third of the total time available to organizations’ IT and security teams is consumed by phishing-related security activities, and the average malicious message costs organizations an average of 27 minutes (and $31 in labor) to mitigate. Some large organizations spend as much as $1.1 million per year to mitigate phishing attacks, according to new data.
The expenses associated with phishing, combined with the consequences of successful phishing attacks -which include exposed data, intellectual property loss, client distrust and more- mean that many organizations deem phishing an “extreme threat“ to business operations.
As cyber attackers grow increasingly sophisticated, the situation appears unlikely to abate. Experts advocate for organizations to stay alert, and to adequately prepare for more sophisticated and pernicious phishing attacks than ever before.
Cyber security experts are sounding the alarm about Advanced Persistent Threats (APTs), which leverage phishing to infiltrate well-guarded, high-value organizational networks. As the name indicates, Advanced Persistent Threats rely on clandestine hacking techniques to allow hackers to quietly access and reside in network systems for extended durations of time. APTs often result in destructive consequences. Building up capabilities to contend with the initial phishing attacks that lead to these types of threats is critical. See below for insights.
1. Install the best anti-phishing software in order to prevent attacks. Anti-phishing software can watch and monitor websites that attempt to redirect users. It can also identify malicious links, prevent malware downloads, block ransomware, check reputation databases, and ensure protection against zero day vulnerabilities.
Email security has changed. Obtain API-based email protection that stops advanced phishing attacks in real-time before they reach end-users. Key components of powerful, top-notch threat prevention tools now include artificial intelligence and machine learning. Secure your communications, protect sensitive business data, avoid account takeovers, and keep everyone safe. More details here.
2. Add another layer of security by implementing multi-factor authentication. Use of multi-factor authentication can protect accounts in the event of accidental compromise, stopping a hacker from reaching your organization’s ‘crown jewels’. Multi-factor authentication considerably reduces the probability of experiencing a damaging cyber breach. Read about additional reasons to implement it here.
3. While the technology is important, so is employee awareness. Show employees real-world examples of phishing and explain why they should not click on unknown links, attachments or advertisements. Organizations can send out regular communications about phishing, and can conduct regular drills to check on whether or not employees will fall for phishing bait. In revamping your employee education initiatives, determine how to incentivize employees not to take unnecessary online risks. Do your employees realize that the organization is really just one click away from being hacked?
Elevating employee awareness also means making employees aware of the SOC or incident response team. Employees should know that, in the event of a ‘wrong-click’ or other phishing-related concern, there is a dedicated team of professionals who can help. More about this here.
The risk to organizations is at an all-time high. Organizations need to get ahead of the surge in phishing attacks, which are becoming difficult to identify and dauntingly dangerous.
Adapt to emerging trends. Ensure that your organization retains capable security technologies, strategically minded staff, and that awareness education is provided to all employees.
For more information about phishing prevention, see CyberTalk.org’s past coverage or check out our phishing prevention e-book. Lastly, to receive cutting-edge cyber security news, reports, best practices and analyses in your inbox each week, please sign up for the CyberTalk.org newsletter.