We frequently write about the need for organizations to develop a culture of security. Last week, Konsultek partner Malwarebytes published a great post on this very subject, emphasizing the need for every organization to have a formal anti-phishing plan.
Phishing – On the Rise Because it Works!
Source: Proofpoint Autumn 2018 Threat Report
According to Konsultek partner Proofpoint’s Autumn 2018 Threat Report, corporate credential phishing attacks soared in the 3rd quarter of 2018.
Credential phishing skyrockets
Credential phishing soared 300% vs. the previous quarter, though it’s too early to say whether the spike represents a seasonal blip or lasting trend. By stealing users’ credentials, attackers get access to all the sensitive data those users have access to and can impersonate them for future attacks.
While there are myriad ways for phishing campaigns to ensnare your employees, the most popular remains email. Here, the scammers continue to emphasize subject line urgency and display-name spoofing, since these are the easiest to manipulate.
Fight Back Against Phishing!
1. Train your organization to be wary, question and verify. When someone gets a request from your CFO to wire money to an account that they don’t recognize, or in an amount that seems unusual, they need to feel empowered to question the request. If your C-team is doing its job in creating a security-minded corporate culture, your CFO will welcome their phone call double-checking the request.
2. Be especially cognizant of the risk from mobile devices. From smishing (SMS phishing), to apps, to lengthy URLs that are difficult to view on mobile devices, your employees are at a higher level of risk when they go mobile. That goes for both organizations that issue devices and BYOD organizations.
3. Look outside to protect your brand. Phishers often attack brand customers directly through social media, email and the web. Follow the lead of big brands such as eBay and proactively educate your customers about phishing and scammers.
4. Assume phishing will be successful and build a robust email defense system that will prevent phishing as much as possible but also manage and quarantine risks when identified.
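As an added illustration (not code from the Malwarebytes post or the Proofpoint report), the Python below shows how a mail filter could flag the display-name spoofing and urgent subject lines described above and then quarantine or tag the message, as step 4 recommends. The domain, executive directory, keyword list and sample messages are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: the organization's domain, a directory of
# executives attackers tend to impersonate, and a short urgency keyword list.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"dana whitfield": "dana.whitfield@example.com"}  # constructed
URGENCY = re.compile(r"\b(urgent|immediately|asap|action required|wire|overdue)\b", re.I)

def normalize(name):
    """Lower-case and strip punctuation so 'DANA  WHITFIELD' still matches."""
    return " ".join(re.sub(r"[^a-z ]", " ", name.lower()).split())

def assess(raw):
    """Return (verdict, findings) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    addr, shown = addr.lower(), normalize(display)
    findings = []
    # Display-name spoof: an executive's name shown over a different address.
    if any(name in shown and addr != real for name, real in EXECUTIVES.items()):
        findings.append("display-name-spoof")
    if URGENCY.search(msg.get("Subject", "")):
        findings.append("urgent-subject")
    if "display-name-spoof" in findings:
        verdict = "quarantine"
    elif findings and not addr.endswith("@" + ORG_DOMAIN):
        verdict = "tag-external"   # deliver with a warning banner
    else:
        # Assumes SPF/DKIM/DMARC were already enforced upstream; a matching
        # From address alone does not prove the sender is genuine.
        verdict = "deliver"
    return verdict, findings

# Constructed sample messages (headers only matter here).
SAMPLES = {
    "spoof": "From: DANA WHITFIELD <payments@mail-example.test>\n"
             "Subject: URGENT: wire transfer needed today\n\nbody\n",
    "vendor": "From: Accounts <billing@supplier.test>\n"
              "Subject: Action required: invoice overdue\n\nbody\n",
    "legit": "From: Dana Whitfield <dana.whitfield@example.com>\n"
             "Subject: Q3 budget review notes\n\nbody\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, *assess(raw))
```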
Konsultek Knows Phishing
At Konsultek we know phishing and security. How secure is your system? Do your employees know how to avoid phishing scams? If you are at all unsure, let us help.
Our team of engineers and account executives has the skills and resources to quickly and efficiently determine the vulnerability of your network and offer solutions for any weaknesses found.
If you are interested in getting an outside, independent and unbiased analysis of your network’s security, simply give us a call or click here: https://konsultek.com/executive-risk-assessment/.
The first 20 respondents will receive a complimentary Executive Risk Assessment. This assessment will not only show you the risk and impact to your most critical digital assets but also demonstrate the likelihood of a breach happening.