October marks European Cyber Security Month, a campaign aimed at raising awareness of cybersecurity threats and offering guidance to European citizens on best practices to stay safe online.
With much talk in the media about state-sponsored hacking, complex breaches and whole teams of criminal hackers, people may be forgiven for forgetting the threat posed by the humble phish.
The general public may not be completely familiar with the term phishing, an attack that uses email disguised as coming from a trusted sender to steal credentials or deliver malware, but the majority of people will know that they shouldn’t click on a suspicious email or a dodgy link. So why do attackers persist, and why are so many businesses still vulnerable to phishing attempts?
The issue, of course, is much more complex than stopping employees from clicking on a link. The phish is no longer so humble. Attacks are becoming more sophisticated and more frequent, and they are often tailored to a specific organisation.
The attacks have become so frequent that Instagram recently announced a new tool to help users detect phishing attempts. In its recent annual report, the NCSC (National Cyber Security Centre) revealed it had taken down over 190,000 fraudulent websites and stopped over 140,000 separate phishing attacks in the UK.
While organisations may have wised up to the cruder phishing attempts, there is an urgent need for them to protect themselves against ever-evolving adversaries.
How phish swim through the gaps
Cyber criminals are using a variety of phishing tactics in a bid to find vulnerabilities – targeting entire companies, individuals and even leveraging the news agenda to dupe victims. There has been an increase in phishing attempts related to the Thomas Cook name, since the travel company collapsed at the end of September, for instance.
The same NCSC annual report described an attempt to defraud thousands of people with a bogus email purporting to come from an unnamed UK airport. The scam used a fake gov.uk address, but the messages were blocked before they reached their intended recipients. Had they arrived, the legitimate-looking sender address was the lure the criminals were counting on: a familiar display name or a domain that merely contains “gov.uk” is exactly the cue a reader accepts without checking which domain actually sent the message.
Can you spot a phish?
With the scale of the phishing ‘industry’ today, everyone is likely to come into the crosshairs of an attacker at some point, and if you’re a business, a slip-up is likely to be expensive, not only for the bottom line but for reputation too. In order to better defend your business and yourself, the best approach is to be armed with knowledge of who is attacking you, in real time.
If you have a Facebook account, it’s likely that you’ve seen chain posts that sometimes do the rounds after a particularly nasty phishing attack. It’s often quite hard to know whether to trust them, but the concept is a good one – essentially, it’s crowdsourcing security advice. As soon as one person comes under attack, they can alert the rest of their social circle to the style, tactics and aims of the attack, making it that much less likely to succeed in the future.
Businesses need their own version of this – an accredited, regulated, and crowdsourced intelligence system.
By tapping into the collective experience and insights of an industry group, each member gets access to a constant stream of useful indicators (sender domains, lure URLs, attachment hashes and the templates of the messages themselves), bolstering their own defences and helping others do the same. This means that new forms of phishing can be quickly identified, classified and flagged to security teams, enabling a quick and targeted response. These sharing communities can also track instances of a particular phish, helping to determine patterns in the attacker’s behaviour and, with analytics tools in place, predict which sorts of targets they are most likely to try next.
The future of phishing
Businesses should break with the tradition of an isolated defence, make use of information from their peers, and contribute to a wider industry effort to reduce the power of phishing. However, as adversaries continually evolve their tactics, infosec teams also need to evolve their own defences through greater orchestration and automation.
Managing user-reported phishing emails, sifting through them to separate genuine threats from harmless mail, and acting accordingly is necessary but extremely time-consuming.
To cope with this barrage, companies need to make greater use of threat intelligence to identify real threats quickly and to weed out false positives, so security teams do not waste time chasing down non-malicious communications. Once emails are analysed automatically, the response can be orchestrated as well, with teams using the intelligence to take the appropriate action for each verdict.
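The automated first pass described above, together with the shared indicators from the sharing-community section and the lookalike gov.uk sender from the airport scam, can be shown in a few dozen lines. The following is an added example written for this page, not ThreatConnect code or any product’s API. It parses a reported message, extracts the sending domain, links and attachment hashes, scores them against a community feed, and flags sender or link domains that merely contain a protected brand name. The feed, the brand list, the two reported messages and the score weights and thresholds are all constructed assumptions.

```python
"""Triage of user-reported phishing emails against a shared indicator feed (added example)."""
import hashlib
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed: an attachment a previous reporter submitted, whose hash the community shared.
KNOWN_LURE = b"%PDF-1.4 constructed lure attachment bytes"

# Constructed indicator feed standing in for what a sharing community distributes.
IOC_FEED = {
    "domains": {"invoice-portal-secure.example", "thomascook-refunds.example"},
    "sha256": {hashlib.sha256(KNOWN_LURE).hexdigest()},
}
# Brand string -> the brand's legitimate mail domain (assumed for the example).
PROTECTED_BRANDS = {"gov.uk": "gov.uk", "thomascook": "thomascook.com"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def sender_domain(msg):
    """Domain of the address actually used in From:, ignoring the display name."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def extract_urls(msg):
    """Every http(s) URL found in the text parts of the message."""
    urls = set()
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            urls.update(URL_RE.findall(part.get_content()))
    return urls


def attachment_hashes(msg):
    """SHA-256 of each attachment's decoded bytes; empty for non-multipart mail."""
    return {hashlib.sha256(part.get_payload(decode=True)).hexdigest()
            for part in msg.iter_attachments()}


def brand_lookalikes(domain):
    """Brands a domain imitates: the brand string appears in it but the domain is
    neither the brand's own domain nor a subdomain of it. Punctuation is stripped
    so that 'gov-uk' and 'gov.uk.evil.example' both match 'gov.uk'."""
    flat = re.sub(r"[^a-z0-9]", "", domain)
    hits = []
    for brand, legit in PROTECTED_BRANDS.items():
        if domain == legit or domain.endswith("." + legit):
            continue
        if re.sub(r"[^a-z0-9]", "", brand) in flat:
            hits.append(brand)
    return hits


def triage(raw):
    """Score a reported message. Weights and thresholds are assumptions for the example."""
    msg = message_from_bytes(raw, policy=policy.default)
    score, reasons = 0, []
    dom = sender_domain(msg)
    if dom in IOC_FEED["domains"]:
        score += 60; reasons.append(f"sender domain {dom} in feed")
    for brand in brand_lookalikes(dom):
        score += 40; reasons.append(f"sender domain {dom} imitates {brand}")
    for url in sorted(extract_urls(msg)):
        host = (urlparse(url).hostname or "").lower()
        if host in IOC_FEED["domains"]:
            score += 60; reasons.append(f"link to {host} in feed")
        elif brand_lookalikes(host):
            score += 40; reasons.append(f"link to lookalike {host}")
    for digest in sorted(attachment_hashes(msg) & IOC_FEED["sha256"]):
        score += 70; reasons.append(f"attachment {digest[:12]} in feed")
    verdict = "malicious" if score >= 60 else "suspicious" if score else "benign"
    return {"verdict": verdict, "score": score, "reasons": reasons}


def sample_reports():
    """Two constructed user reports: a lookalike 'airport' lure and a benign colleague mail."""
    phish = EmailMessage()
    phish["From"] = '"UK Airport Notices" <alerts@gov.uk.airport-notice.example>'
    phish["To"] = "staff@example.org"
    phish["Subject"] = "Outstanding parking fee"
    phish.set_content("Settle your fee at http://invoice-portal-secure.example/pay today.")
    phish.add_attachment(KNOWN_LURE, maintype="application", subtype="pdf", filename="fee.pdf")

    benign = EmailMessage()
    benign["From"] = "Alice <alice@example.org>"
    benign["To"] = "staff@example.org"
    benign["Subject"] = "Minutes"
    benign.set_content("Minutes are on https://intranet.example.org/minutes, thanks.")
    return phish.as_bytes(), benign.as_bytes()


if __name__ == "__main__":
    for raw in sample_reports():
        print(triage(raw))
```

The verdict and reasons are what an orchestration playbook would branch on: a “malicious” result can quarantine every copy of the message and push the new sender domain back to the feed, while a “benign” result closes the ticket without an analyst ever opening it. In production the naive brand check would be replaced by proper public-suffix handling and the feed would be fetched rather than embedded.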
There is no denying that phishing is effective, and there is no sign of this threat becoming extinct any time soon. Continual education about these increasingly sophisticated threats is vital for protection. The starting point is having the right threat intelligence tools in place and training staff effectively, so that the organisation can respond to threats as quickly as possible.
By Adam Vincent, CEO at ThreatConnect
ThreatConnect, Inc. provides a proactive and efficient approach to security by enabling enhanced detection, shortened response, and reduced risk. Designed by analysts but built for the entire team (security operations, threat intelligence, incident response and security leadership), ThreatConnect’s intelligence-driven security operations platform is the only solution available today with intelligence, automation, analytics, and workflows in a single platform. To learn more about our threat intelligence platform (TIP) or security orchestration, automation, and response (SOAR) solutions, visit www.ThreatConnect.com.
The post #Privacy: How do you protect a company against the evolving phish? appeared first on PrivSec Report.