Phishing is one of the oldest types of cyber-attacks, dating back to the 1990s when electronic communication became widespread – but is still one of the most widespread and damaging. A type of social engineering attack, phishing is used to steal sensitive information. This can include usernames, passwords and credit card numbers.
Today, phishing has evolved to take advantage of new ways of communicating. SMS phishing, or ‘smishing’, uses text messages, while voice phishing (vishing) uses telephony with robo-diallers and interactive voice response.
Remote working has increased vulnerability to phishing
The consequences of a successful phishing attack can be serious. Direct financial loss from fraudulent use of sensitive data can be compounded by regulatory fines if a business is hacked.
The loss of trust and future business can be even more damaging, with a recent survey by Deloitte showing that almost 60% of people are less likely to buy from a company involved in a data breach.
In 2020 the pandemic drove a surge in remote or home working. This increased reliance on email and created new opportunities for fraudulent schemes. Cyber security industry research by Infosecurity Magazine shows that phishing attacks have spiked over 600% since the end of February 2020 due to those changes in working conditions.
What’s your Plan B to protect against phishing attacks?
A study by Cofense analysed over 2 million emails through its Phishing Defence Centre and found that 200,000 were malicious. These had evaded secure email gateways and potentially threatened user organisations.
While traditional controls continue to play a part in phishing defence, CSI recommend a multi-layered approach to minimise vulnerability.
But even with enhanced perimeter security, it’s important to recognise that a user may still click on a malicious email, manipulated link or fake website. You have to have a plan B…
Improve cyber awareness with a network of human sensors
Organisations can boost cyber resilience by improving awareness and creating a network of human sensors. If users can identify signs of phishing and know how to react, the impact of these cyber-attacks can be significantly reduced.
User reporting of suspicious emails is a true measure of effectiveness. Just because users didn’t click on a suspicious email doesn’t mean they actively made that choice – they may not have seen the email. Reporting a phishing attack is a conscious and deliberate action.
By learning what to look for in a malicious email, a network of ‘human sensors’ gives security operations teams visibility into attacks they would otherwise not see. User reporting is a valuable source of threat intelligence because it is based on real attacks that have bypassed perimeter controls.
In addition to providing a last line of defence, user feedback allows security professionals to tune existing detection measures based on real data.
Top tips to mitigate cyber threats
In partnership, CSI and Cofense offer a Managed Phishing Defence Service to deploy, manage, optimise and leverage security awareness and phishing simulation techniques.
We see three critical capabilities for phishing defence:
1. Protect against known threats
2. Get visibility of threats that get past the technology
3. Respond faster when threats are identified
Our Managed Phishing Defence Service has 3 service levels available to choose from to meet your needs. Please click here to find out more detail in our flyer.
If you would like to find out more about how CSI can help with your cyber security requirements, please call 0800 1088 301 or contact us.