Phishing remains one of the top threats to enterprise IT. According to a recent Akamai report, “Phishing Is No Longer Just Email: It’s Social,” phishing is responsible for as many as 93 percent of security breaches. Email phishing attacks continue to rank highest among attack methods, but criminals are now adopting modern communication and collaboration tools and services as well.
The Evolution of Phishing
Typical phishing attacks are carried out via legitimate-looking emails. The subject lines and content vary, but the messages generally urge the victim to take action to avoid or gain something. Over time, phishing attack trends have changed, and phishing emails often aim to impersonate legitimate brand mailings.
Modern day phishing attacks target a wide range of communication and productivity apps and services. For instance, some attackers utilize popular social networking and cloud-based services, ensnaring victims across devices at work and at home. New attack methods rely on implied trust, where the victim is familiar with the platform and regularly accesses it.
Phishing attack trends now include attacks on popular cloud-based collaboration and file-sharing services. As the Akamai report noted, “Facebook, Slack, Microsoft Teams, Dropbox, Google Docs, and other popular platforms are serving as the criminals’ initial point of penetration into the enterprise.” No service is immune from attack.
Online games are also increasingly being targeted by phishing scams. Fortnite: Battle Royal, a popular cross-platform game, made headlines in 2018 after a rash of phishing scams were reported. Young players were targeted online by enticing offers of free V-bucks, Fortnite’s in-game currency. Victims were lured in by phishing sites that requested game login credentials, and younger players unfamiliar with phishing were tricked into providing personal information. A whopping 86 percent of these phishing attacks originated on social media sites.
Cybercrime as a service, cybercrime through a kit and cybercrime through a turn-key operation are evolving as well. Phishing kits are available for sale that contain phishing campaign templates and access to a compromised server, among other tools. Some kits are available for free and allow the kit creator to retain access to victim data from every set up. Off-the-shelf packages like these make it easier for criminals to launch new attack campaigns quickly.
Additionally, phishing attack trends are moving toward a more human-centric approach. Attacking technology is a less enticing prospect than gaining direct access using valid credentials. As such, employees must be the first line of defense against phishing attacks.
How to Fend Off Enterprise Phishing Attacks
Build a Robust Cybersecurity Awareness Training Program
Employees who participate in ongoing security awareness training programs can learn to spot phishing tactics. A program that runs for a short time naturally isn’t as effective as a consistent program that provides updated information on current trends and cybersecurity advice. Training users to identify phishing attacks can also have a positive effect on overall security.
Security awareness training programs must be managed by someone. According to the “2019 SANS Security Awareness Report,” effective cybersecurity programs tend to have full-time employees dedicated to awareness training and developing outreach programs within their organizations. Organizations without dedicated, full-time staff to manage awareness programs tend to have less mature awareness programs.
Conduct Simulated Phishing Attack Tests and Measure the Results
Simulated phishing attack tests can help a security team gauge the effectiveness of security awareness training programs and help end users gain a better understanding of attacks. Regular tests that mimic real-life phishing attacks should be conducted even as employees become more skilled at spotting suspicious messages. The threat landscape continues to evolve, and so should your cyberattack simulations.
Detect Potential Threats With Artificial Intelligence, Machine Learning
Use artificial intelligence (AI) to analyze user behavior and detect threats quickly. AI and machine learning can notice troubling patterns in unstructured data and provide security teams with the actionable data they need to respond quickly. Machine learning is especially well-suited to sniffing out vulnerabilities that could elude human security team members.
Deploy Ahead-of-Threat Attack-Prevention Tools
Phishing attacks require a number of systems to function. Ahead-of-threat prevention includes tracking DNS and domain registrations along with other data and can help thwart future attacks by proactively blocking suspicious requests and URLs before they can deliver their malicious payloads.
Make Use of Endpoint Monitoring and Protection
The increasing use of personal devices at work introduces a number of new endpoints that are not fully protected under IT security systems. Monitoring endpoints and providing rapid remediation for compromised devices can prevent the proliferation of an attack originating from one of these unmanaged devices.
Limit User Access to High-Value Systems and Data
Most phishing attack methods aim to exploit human operators, and privileged user accounts are attractive targets for cybercriminals. Limiting access to systems and data can help protect high-value data from compromise. Only users who absolutely need access should have it.
Analyze User Behavior to Spot Trouble Before it Begins
Insider threats — unwitting or intentional — continue to threaten enterprise security. It can be helpful to monitor user behavior for risk and analyze against a typical baseline to detect insider threats and other potentially damaging user behavior. Behavior analytics can also help identify compromised accounts easily, which can enable security teams to remediate quickly.
Protecting against ever-evolving phishing attacks requires a robust security awareness training program for system users and a little help from new technologies like artificial intelligence and ahead-of-threat detection. Ensuring employees are well-trained and regularly tested can keep your first line of defense ready to identify and avoid phishing attacks.