Phishing attacks remain a threat to enterprise systems and data, and the method of entry is no longer limited to email. Your employees may not be trained to recognize some of the newer attempts to gain access to your technology.
The typical phishing attempt is still carried out through a legitimate-looking email message. The telltale sign is the sense of urgency to take action so as to gain or avoid something. The specific format of phishing attacks continues to evolve, with some looking like real emails from a recognizable company or contact.
Modern phishing attacks also encompass a wide range of collaboration and productivity applications, as well as social media platforms. Some attacks utilize different cloud-based solutions, knowing that they can ensnare users through a channel that has an implied level of trust associated with it. Phishing may come through file-sharing applications like Dropbox or Google Docs or from Facebook or LinkedIn. No application is free from the threat of a phishing attack.
Phishing attacks are even occurring on the cross-platform game Fortnite: Battle Royal, where kids were enticed with the promise of free V-bucks, the currency of the game. Most of the attacks were traced to social media sites.
Attackers also have it easier than ever, with Cybercrime as a Service emerging as a kit that offers a phishing turnkey operation, complete with access to a compromised server. These types of packages make it easy for phishing to be profitable.
Preventing Phishing Attacks
Create a Phishing Awareness Program: Your employees can be trained to spot phishing attempts. A one-and-done program is not as effective as a consistent, regular training that provides updates on the latest types of phishing attacks. This type of training also increases awareness for other types of cyber security. It’s important that your enterprise have a cyber security champion who takes ownership of training for phishing awareness.
Part of training should include the simulation of a phishing attack, with monitored response to see where additional training is necessary. Make sure that simulations evolve with the change in threats over time.
Monitor: Artificial intelligence is coming onto the cyber security scene, with tools available that detect unusual behaviors and flag access that is suspicious due to timing, location, or user. There are also tools that can identify vulnerabilities that may escape the notice of employees. Preventative efforts can be employed to proactively block any suspicious activity or requests.
The increased use of personal devices in the workplace has complicated endpoint security, but new monitoring tools are making it possible for enterprise IT security to rein in that complexity.For more information about phishing attacks and how to leverage the best cyber security tools for your enterprise, contact us at Diversified Technology Group.