What procedures should companies have in place to minimise phishing attacks?
Christo van Staden, Forcepoint Regional Manager: Sub-Saharan Africa
Phishing, spear phishing and ransomware represent serious threats to any organisation. They can be used to steal money, extort ransom payments, exfiltrate intellectual property, disrupt business operations and, in extreme cases, actually put a company out of business.
Cybercriminals constantly evolve their methods, and unless organisations evolve their cybersecurity solutions and practices at the same pace, these threats remain very real. This should come as no surprise: the number of well-publicised attacks has been rising, including WannaCry and Petya, demonstrating the impact cybercrime is having on mainstream businesses. What might be less obvious is that the point of entry into an organisation often comes down to people. Despite security professionals' best efforts, employees are still tricked by cybercriminals using social engineering techniques on email, social media and other business systems.
There are robust cybersecurity solutions and best practices that can be implemented to reduce the chance that a phishing, spear phishing or ransomware attack will be successful.
It doesn't always require a big overhaul of infrastructure. The starting point is to focus on your people and understand how they currently use and access critical data and systems in their day-to-day roles. Once you have a baseline of normal user behaviour and normal movement of data, you can effectively detect and counter abnormal behaviour.
Behaviour analytics products allow firms to flag risky behaviour or unorthodox usage, helping security teams quickly identify potential breaches and either stop people extracting critical data or lock down the affected machine.
There are three types of insider behaviours that can put critical data at risk:
- The accidental user (who makes mistakes, or is unaware of wrong-doing)
- The compromised user (who has had their credentials stolen by cybercriminals)
- The malicious user (who intends to cause harm)
In the case of phishing, it is usually an accident that turns an individual into a compromised user. For example, should a user click on a malicious URL in a phishing email and hand over their credentials to the page behind it, or be infected by malware that steals them, the way those credentials are used afterwards changes dramatically. Rather than logging on and opening email, a criminal using the compromised account undertakes atypical activity: accessing completely different parts of the network, or extracting larger volumes or different types of data than that person normally handles. It is these deviations from the user's own baseline that behaviour analytics is designed to surface.
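As an added example of the baseline-and-deviation approach described above (written for this page; it is not Forcepoint's product code or anything from the original article), the following Python script builds a per-user baseline from a week of access-log lines and then scores a new day's activity against it. It flags the two signals the article associates with a compromised account: access to systems the user has never touched, and a data volume far above that user's own norm. The log format, hostnames, byte counts and thresholds are all constructed assumptions for the illustration.

```python
"""Per-user behaviour baseline and deviation scoring over access-log lines.

Added example, not the article's or Forcepoint's code. The log format
("<date> <user> <destination host> <action> <bytes>"), the hosts, the byte
counts and the thresholds are constructed assumptions for the illustration.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline: one week of ordinary activity for two users.
BASELINE_LOGS = """\
2017-07-03 alice mail.corp read 11000000
2017-07-03 alice wiki.corp read 2000000
2017-07-04 alice mail.corp read 13000000
2017-07-04 alice wiki.corp read 1500000
2017-07-05 alice mail.corp read 12000000
2017-07-05 alice wiki.corp read 2500000
2017-07-06 alice mail.corp read 10000000
2017-07-06 alice wiki.corp read 3000000
2017-07-03 bob mail.corp read 5000000
2017-07-03 bob git.corp read 40000000
2017-07-04 bob mail.corp read 6000000
2017-07-04 bob git.corp read 45000000
2017-07-05 bob mail.corp read 5500000
2017-07-05 bob git.corp read 38000000
2017-07-06 bob mail.corp read 4800000
2017-07-06 bob git.corp read 42000000
"""

# Constructed new day: alice's credentials were phished, and the attacker uses
# her account to reach systems she never touched and pull far more data than
# her daily norm. bob is having a normal day.
TODAY_LOGS = """\
2017-07-10 alice mail.corp read 9000000
2017-07-10 alice hr-db.corp read 400000000
2017-07-10 alice fileshare-finance.corp read 900000000
2017-07-10 bob mail.corp read 5100000
2017-07-10 bob git.corp read 43000000
"""


def parse(text):
    """Yield (date, user, host, action, bytes) tuples from the constructed format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        date, user, host, action, nbytes = line.split()
        yield date, user, host, action, int(nbytes)


def build_baseline(text):
    """Per user: hosts seen, plus mean and population stdev of daily bytes moved."""
    hosts = defaultdict(set)
    daily = defaultdict(lambda: defaultdict(int))  # user -> date -> bytes
    for date, user, host, _action, nbytes in parse(text):
        hosts[user].add(host)
        daily[user][date] += nbytes
    baseline = {}
    for user, seen in hosts.items():
        totals = list(daily[user].values())
        baseline[user] = {
            "hosts": seen,
            "mean_bytes": mean(totals),
            "stdev_bytes": pstdev(totals),
        }
    return baseline


def score_day(baseline, text, sigma=3.0, min_ratio=2.0):
    """Return {user: [(kind, detail), ...]} for users whose day deviates.

    A volume finding requires the day's total to exceed both mean + sigma*stdev
    and min_ratio*mean, so a user with a nearly flat baseline (stdev close to 0)
    is not flagged by a few percent of ordinary variation. Users with no
    baseline at all are flagged outright: there is no basis to call their
    activity normal.
    """
    findings = defaultdict(list)
    day_hosts = defaultdict(set)
    day_bytes = defaultdict(int)
    for _date, user, host, _action, nbytes in parse(text):
        day_hosts[user].add(host)
        day_bytes[user] += nbytes
    for user, seen in day_hosts.items():
        if user not in baseline:
            findings[user].append(("unknown_user", None))
            continue
        base = baseline[user]
        for host in sorted(seen - base["hosts"]):
            findings[user].append(("new_host", host))
        threshold = max(base["mean_bytes"] + sigma * base["stdev_bytes"],
                        min_ratio * base["mean_bytes"])
        if day_bytes[user] > threshold:
            findings[user].append(("volume", day_bytes[user]))
    return dict(findings)


if __name__ == "__main__":
    for user, items in score_day(build_baseline(BASELINE_LOGS), TODAY_LOGS).items():
        for kind, detail in items:
            print(f"{user}: {kind} {detail}")
```

Run as written, the script reports alice twice for new hosts (fileshare-finance.corp and hr-db.corp) and once for volume, and says nothing about bob, whose day sits comfortably inside his own baseline. The two-part volume threshold is the practical caveat: a pure standard-deviation rule misfires on users whose history is almost constant, while a pure ratio rule misses slow, steady exfiltration by users whose history is noisy, so a real deployment would tune both and add a time dimension (logins at unusual hours, from unusual locations) that this toy omits.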
Organisations run on people, and people are by nature curious, prone to snap decisions and often led by their emotions. For this reason, it is essential to build a defensive toolkit against social engineering attacks that prey on exactly these human vulnerabilities.
If firms take a human-centric approach, thinking differently about security and starting from an understanding of how people actually behave and the rhythms of their work, they can ensure their most valuable data is protected by the right behaviours and controls, against breaches now and in the future.