Phishing attacks are on the rise and show no signs of slowing down. According to the latest Mimecast report “State of Email Security 2019”, we have witnessed an increase in phishing attacks globally. They report that 94% of organizations have experienced phishing attacks in the last 12 months.
There are various forms of phishing attacks but essentially all attacks attempt to gain sensitive, confidential information such as usernames, passwords, credit card information, network credentials and more, by posing as a legitimate individual or institution.
These attacks are becoming more sophisticated in order to get around the security solutions that most organizations are putting in place. The most common form of phishing does not typically target specific individuals. Instead, the likes of PayPal are cloned, and emails are then sent to many individuals instructing them to click on a malicious link to resolve account discrepancies, in the hope of obtaining their credentials.
With spear phishing, the fraudsters apply a more targeted approach to their craft. While this requires a little more effort, as the fraudster needs to acquire information about the targeted individuals, the task is made easier by social media websites such as LinkedIn, which hold a wealth of information about the targeted individual.
Whaling is a form of spear phishing where executives such as CEOs are targeted. Gaining access to a CEO’s email account would allow criminals to target individuals in the organization’s accounts department, instructing them to release payments to the criminal’s account.
Criminals are not only using email as an attack vector for phishing. Vishing is a form of phishing where criminals use the telephone to obtain personal information through social engineering.
So what can organizations do to prevent these attacks? The solution requires a holistic approach that includes security-specific solutions, awareness training and changes to internal accounting controls. The first step is to implement security solutions that protect the company’s email environment. Vox offers a range of best-of-breed security solutions which are specifically designed to mitigate the risk of phishing attacks.
While these solutions will significantly reduce the risk of phishing attacks, it is important to remember that implementing a security solution is not enough. Security solution providers are constantly innovating new features to meet the increasing sophistication of these attacks. This means that the solution would require constant management by certified security specialists. Vox understands this relationship between product and skills and offers fully managed security services to ensure that the customer remains protected.
In addition to the security solution and managed services, organizations would need to institute security awareness training for their staff. Security awareness training educates employees about the dangers of phishing and other online scams. In the case of vishing, security awareness training provides the only line of defense. Lastly, companies would need to improve internal controls to mitigate the risk of whaling attacks, as previously mentioned.
In the event of a successful whaling attack, improved internal accounting controls would ensure that payments are not made to the criminal’s account.