No time for napping. Someone’s phishing!
The year 2021 witnessed a rise in phishing attacks that targeted consumers. While the trends were erratic, multiple spikes in activity have made phishing a popular mode of attack on the threat landscape. Threat actors use a plethora of tactics to target organizations, and the primary attack channel continues to be email.
A report by Lookout, Inc. indicated that mobile phishing exposure surged 161% within the energy industry between the second half of 2020 and the first half of 2021. The financial services sector witnessed a 125% surge in exposure to mobile phishing attacks in 2020.
According to Verizon’s 2021 Data Breach Investigations Report (DBIR), phishing is the top “action variety” seen in breaches in the last year and 43% of breaches involved phishing and/or pretexting.
How businesses get attacked
- Company Impersonation: A popular form of phishing in which the hackers impersonate the brand and use an email address on a similar-sounding domain. Businesses cannot be preemptive, as they do not know about the impersonation until a victim complains of a possible attack.
- Spear Phishing: This resembles impersonation but includes a few details about the target, which makes it more compelling and lures more victims into the trap.
- Email Takeovers: Senior executives are vulnerable in such cases. Scammers use email credentials, and potential targets include employees and customers.
- Phone Phishing: Attackers use VoIP to impersonate company representatives while using personal details about potential targets.
The rise in attacks can also be attributed to several targets emerging of late such as cryptocurrency exchanges, online gaming sites, and various online retailers.
How can companies protect themselves against phishing?
- Employee training sessions using mock phishing scenarios.
- Systems need to be updated with the latest cybersecurity patches.
- Antivirus solutions coupled with scheduled signature updates.
- Email filters should be deployed to detect spam, blank senders, blacklisted domains and viruses, among others. Web filters can be used to block malicious websites.
- Organization-wide strong password security with multi-factor authentication.
- A comprehensive security policy covering all potential chinks and susceptible areas under threat.
- Sensitive company data must be encrypted during transmission and storage.
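As an added illustration (not code from the article or from Allied Digital), the sketch below shows how an email filter could apply three of the sender checks named above: blank senders, blacklisted domains, and the similar-sounding domains used in company impersonation. The protected domain `example.com`, the blocklist entry, the distance threshold and the sample messages are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

OWN_DOMAIN = "example.com"        # assumption: the brand domain being protected
BLOCKLIST = {"bad-mailer.test"}   # assumption: constructed blocklist entry
MAX_DISTANCE = 2                  # assumption: edits tolerated before "unrelated"

def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def sender_verdict(raw_message):
    """Return 'blank-sender', 'blocklisted', 'lookalike' or 'pass'."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    if "@" not in addr:
        return "blank-sender"
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    if domain in BLOCKLIST:
        return "blocklisted"
    if domain == OWN_DOMAIN or domain.endswith("." + OWN_DOMAIN):
        return "pass"  # the real domain or one of its subdomains
    # Fold common digit-for-letter swaps before measuring similarity.
    folded = domain.translate(str.maketrans("013", "ole"))
    if edit_distance(folded, OWN_DOMAIN) <= MAX_DISTANCE:
        return "lookalike"
    return "pass"

# Constructed sample messages (not real traffic).
SAMPLES = {
    "digit swap": 'From: "IT Helpdesk" <helpdesk@examp1e.com>\nSubject: Reset\n\nx',
    "rn for m": "From: hr@exarnple.com\nSubject: Payroll\n\nx",
    "genuine": "From: billing@mail.example.com\nSubject: Invoice\n\nx",
    "no sender": "Subject: Hello\n\nx",
    "blocklisted": "From: promo@bad-mailer.test\nSubject: Offer\n\nx",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:12} -> {sender_verdict(raw)}")
```

The check inspects only the domain in the From header, so it complements the other filters in this list rather than replacing them.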
Spikes in phishing attacks throughout the year indicate Q1-2022 will likely continue to trend up. To protect enterprises from these threats, security teams should invest in resources to proactively detect attacks originating from a broad variety of methods.
Allied Digital is a leading IT services player with services that cover cloud computing, AI, systems integration and cybersecurity. With a presence in 70 countries, it serves organizations across multiple industries keeping the operating environment secured while handling and eliminating all types of possible threats.
The author Sunil Bhatt is Chief Technology Officer at Allied Digital Services. He firmly believes that “Cybercriminals are fishing everywhere with smarter baits. Don’t get hooked”.