EDITOR’S QUESTION
JURGEN SORTON, SENIOR PRODUCT MANAGER FOR SECURITY AT VOX

Phishing attacks are on the rise and
show no signs of slowing down.
According to the latest Mimecast
State of Email Security 2019 report, we have
witnessed an increase in phishing attacks
globally, with 94% of organisations having
experienced attacks in the last 12 months.

There are various forms of phishing attacks
but essentially all attacks attempt to gain
sensitive, confidential information such
as usernames, passwords, credit card
information, network credentials and more, by
posing as a legitimate individual or institution.

These attacks are becoming more
sophisticated in order to get around security
solutions that are being put in place across
most organisations. The most common
form of phishing is not typically targeting
specific individuals, but rather popular sites
such as PayPal, which are cloned. Emails are
then sent to many individuals instructing
them to click on the malicious link to resolve
account discrepancies in the hope of
obtaining their credentials.

With spear phishing, the fraudsters apply a
more targeted approach to their craft. While
this requires a little more effort as fraudsters
need to acquire information about the
targeted individuals, their task is made easier
by using social media websites, such as
LinkedIn, which has a wealth of information
about the targeted individual. Whaling is
a form of spear phishing where executives
such as CEOs are targeted. Gaining access
to a CEO’s email account allows criminals
to target individuals in the organisation’s
accounts department instructing them to
release payments to the criminal’s account.
Criminals are not only using email as an
attack channel for phishing. Vishing is a form of
phishing where criminals use the telephone
to obtain personal information through
social engineering.

So what can organisations do to prevent
these attacks? A holistic approach is required,
one that includes security-specific solutions,
awareness training as well as changes to
internal accounting controls. The first step is
to implement security solutions that protect
the company’s email environment. Managed
service providers, such as Vox, offer a range
of best-of-breed security solutions which are
specifically designed to mitigate the risk of
phishing attacks.

While these solutions will significantly reduce
the risk of such attacks, it is important to
remember that implementing a security
solution is not enough. Security solution
providers are constantly innovating
new features to meet the increasing
sophistication of these attacks. This
means that the solution requires constant
management by certified security specialists
who understand the relationship between
product and skills and offer fully managed
security services to ensure that the business
remains protected.

In addition to the security solution and
managed services, organisations need to
institute security awareness training for
their staff. This educates employees about
the dangers of phishing or other online
scams. In the case of vishing, security
awareness training provides the only line of
defence. Lastly, companies need to improve
internal controls to mitigate the risk of
whaling attacks as previously mentioned.
In the event of a successful whaling attack,
improved internal accounting controls
ensure that payments are not made to the
criminal’s account.
INTELLIGENTCIO