As more and more businesses continue to integrate and expand their operations into the online sphere, maintaining your company’s digital security profile has never been more critical.
Particularly as 2020 and 2021 (so far) have seen increases in cybersecurity breaches, ransomware, and identity theft attacks, many companies are justifiably refocusing their attention on digital security strategies that defend against multiple threats. Unfortunately, many of those same companies find their ransomware protection undermined by an inadequate defense against phishing, the attack that most often opens the door.
“Phishing” is a term for a strategy used by cybercriminals in which a targeted individual receives a message designed to deceive the recipient into revealing information that the attackers can use to gain access to organizational systems. Once inside, attackers either deploy ransomware on the victim’s infrastructure themselves or sell that access to other criminal ransomware groups.
Did you know? Phishing is the method most often relied on by digital attackers. According to a recent threat report, approximately 75% of companies across the globe experienced a phishing attack in 2020. Even knowing why a phishing defense is needed, some organizations may decide that with a criminal success rate of less than 1%, they’ll take their chances.
Who’s at Risk?
Everyone, really. While the financial industry accounts for most reported phishing attacks, any organization that handles or stores client data is at risk of targeted phishing attacks. Analysts have seen a rise in ransomware attacks in the public sector, likely because attackers believe public bodies are more inclined to pay a ransom if it lets them regain control of their systems. No industry is immune to the threat – even the U.S. State Department has acknowledged recent breaches.
What Does a Phishing Attack Look Like?
Phishing attacks are most often designed to look like they are from a trusted source, such as a banking institution, credit card company, social media or social networking site, or a digital retailer. Here is the simple way the FTC describes it:
Phishing emails and text messages often tell a story to trick you into clicking on a link or opening an attachment. They may:
- say they’ve noticed some suspicious activity or log-in attempts
- claim there’s a problem with your account or your payment information
- say you must confirm some personal information
- include a fake invoice
- want you to click on a link to make a payment
- say you’re eligible to register for a government refund
- offer a coupon for free stuff
Establishing routine staff training designed to instruct all team members on identifying possible phishing threats is one of the most effective defensive measures against phishing that an organization can implement. Business leaders should ensure their staff stays up-to-date on the most recent tactics being used by attackers by coordinating with security experts and regularly developing training activities for team members.
What Can You Do?
Security experts recommend several methods to help organizations protect themselves, the first being the deployment of comprehensive security software on all company computer systems. In addition to this, organizational leaders must also ensure that the mobile devices used by company leadership and staff are likewise protected by security software.
Experts also recommend setting mobile software to update automatically – this may provide critical protection against newly developed security threats targeting mobile devices.
Establishing a multifactor authentication process is also an effective measure against phishing breaches. Multifactor authentication is a security technique requiring two or more verified credentials to log into designated accounts. The credentials required might fall into two categories:
- Something you have – this might be a numerical passcode or security key obtained upon login request through an authentication app.
- Something you are – this might be a physical fingerprint scan, retina scan, or face scan.
Establishing a multifactor authentication process protects sensitive systems by defending against phishing attacks that might successfully compromise any single authentication measure. For example, if a phishing attack designed to uncover a user’s login credentials is successful, attackers would still be unable to access sensitive systems without also satisfying a required retina scan.
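The following is an added illustration of how a second factor blocks a login that relies on a phished password alone; it is not code from the original article. It implements the time-based one-time password algorithm (TOTP, RFC 6238, built on HOTP from RFC 4226) that authentication apps use for the “something you have” factor, and a `login()` check that only succeeds when both the password and the current code are correct. The user record, salt and password are constructed sample values; the base32 secret is the RFC test-vector key, so the codes it produces can be checked against the published vectors.

```python
import base64
import hashlib
import hmac
import struct
import time

# HOTP (RFC 4226): HMAC-SHA1 over a big-endian 64-bit counter, dynamically
# truncated to a 31-bit integer and reduced to the requested number of digits.
def hotp(secret_b32: str, counter: int, digits: int = 6) -> str:
    key = base64.b32decode(secret_b32, casefold=True)
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % (10 ** digits):0{digits}d}"

# TOTP (RFC 6238): HOTP with the counter derived from the current 30-second step.
def totp(secret_b32: str, for_time=None, step: int = 30, digits: int = 6) -> str:
    t = int(time.time() if for_time is None else for_time)
    return hotp(secret_b32, t // step, digits)

# Verify a submitted code, tolerating one step of clock drift on either side.
# compare_digest avoids leaking how many digits matched through timing.
def verify_totp(secret_b32: str, code: str, for_time=None,
                step: int = 30, window: int = 1) -> bool:
    t = int(time.time() if for_time is None else for_time)
    for drift in range(-window, window + 1):
        if hmac.compare_digest(hotp(secret_b32, t // step + drift), code):
            return True
    return False

# Password storage: salted PBKDF2 rather than a plain hash (constructed example).
def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

SALT = b"constructed-demo-salt"  # constructed; real deployments use a random per-user salt

# Constructed user store. The TOTP secret is the RFC 4226/6238 test key
# ("12345678901234567890" in base32), not a real credential.
USERS = {
    "alice": {
        "password_hash": hash_password("correct horse", SALT),
        "totp_secret": "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ",
    }
}

# Both factors are always evaluated so a failed password does not short-circuit
# and reveal, via response time, which factor was wrong.
def login(username: str, password: str, code: str, now=None) -> bool:
    user = USERS.get(username)
    if user is None:
        return False
    password_ok = hmac.compare_digest(hash_password(password, SALT), user["password_hash"])
    code_ok = verify_totp(user["totp_secret"], code, for_time=now)
    return password_ok and code_ok

if __name__ == "__main__":
    # A phished password on its own is refused; password plus the current code succeeds.
    current = totp(USERS["alice"]["totp_secret"])
    print("password only  :", login("alice", "correct horse", "000000"))
    print("password + code:", login("alice", "correct horse", current))
```

A one-time code raises the bar considerably, but a real-time phishing proxy can still relay a freshly entered code within its 30-second window, which is why phishing-resistant authenticators that bind the credential to the site’s origin (FIDO2/WebAuthn security keys) are the stronger choice for the “something you have” factor.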
In conjunction with the measures noted above, a good defense includes maintaining off-network backups on external hard drives or in cloud storage. This protects the integrity of valuable organizational data and minimizes system disruption in the event of a cybersecurity breach.
Protect Your Business
The average ransom demanded by digital extortionists rose from $5000 in 2018 to $200,000 in 2020 (Varonis). The largest ransomware payout ever reported came in at $40 million, occurring at an insurance company just this year (2021). That’s why you should protect your organization by investing in the right security tools, establishing routine cybersecurity training for staff members on identifying phishing threats, and working with experts to develop effective incident response plans in the event of a breach.