………companies and employees have to be more aware than ever.
Rob Batters, Director of Managed and Technical Services, Northdoor plc
There have been a number of high profile ‘phishing’ attacks on companies over the last few months including one on Twitter. This has raised the profile of such attacks, but many companies and more importantly employees still have little idea of what such an attack looks like and how to deal with it.
The UK National Cyber Security Centre (NCSC) defines Phishing as “an attempt to trick users into doing the wrong thing” such as clicking a bad link that will download malware or direct them to a corrupt website and encourage them to divulge personal information, company data and log-ins or other information that will give them access to restricted infrastructure and data.
The term ‘phishing’ is used because these attacks typically impersonate a person or brand to persuade victims to trust them and hand over the information the attacker is after. Phishing is not malware, spam or cross-site scripting, although they often coincide. The truth is that it offers an impressive return on investment for the criminal and is every bit as dishonest and insalubrious an activity as any other.
Phishing is on the rise
The last few months have seen a real rise in such attacks. It is no coincidence that this has happened at the same time as a global pandemic, as criminals target companies and individuals when they are at their most vulnerable.
The UK Government Cyber Security Breaches Survey, taken earlier this year, commented that “The most common type of cyberattacks by far are phishing attacks – that is staff receiving fraudulent emails or being directed to fraudulent websites.” Phishing accounted for 45% of all incidents reported to the ICO in 2019, with the pandemic increasing this even further. Google reported that there was a 350% increase in active phishing websites between February 2020 and March 2020.
It is very clear then that criminals are massively increasing the volume of their attacks, particularly during this period of uncertainty and workforces working outside of the corporate network.
What does a phishing email look like?
On average, it only takes 82 seconds from the time a phishing email is first distributed to the first victim being hooked. This highlights just how effective this type of attack is. For a limited amount of effort and cost, cybercriminals can quickly see results.
So how do victims so easily get tricked into passing on vital information? That is answered by the high levels of sophistication in the criminals’ approach. So what does a ‘typical’ phishing email look like?
Typically, there is a call to action; an imperative. It is usually an unexpected, yet plausible request or demand from an apparently credible source, and sometimes from someone known to the victim, most often a colleague or senior member of staff. Quite often it will request an urgent payment or a password reset, or, in a less sophisticated version, offer a ‘special offer’.
Criminals used to rely completely on a numbers game, sending out as many emails as possible in the hope of catching one person out. However, their approach is becoming increasingly sophisticated, targeting individuals with increasingly credible-looking emails and approaches.
How can companies reduce the risk?
Education is a critical element and prepares the first line of defence (and most often the weakest defensive link) – the employee. Many anti-virus and other packages include phishing simulations with sample campaigns. The NCSC has issued guidelines as a series of ‘layers’ to prevent an attack. Layer 1 essentially says: find something beyond simple education to assist the defence.
Many people, often senior employees, think that only more junior or ‘less intelligent’ staff members are going to get tricked by phishing attacks. Frankly, why take the chance?
The very nature of phishing attacks means that they are designed to appear credible and consequently no one can take the threat lightly. Criminals target specific roles within an organisation or even specific individuals, launching an attack when that person is most likely to be off their guard. This highlights why attacks have increased so much over the last few months in the face of the global pandemic and says a great deal about the character and nature of most of the criminals involved.
Introducing innovative technology to help combat the threat
Some companies are no longer taking a risk on the ‘intelligence’ or savviness of their employees and are implementing proactive defences against a constantly moving enemy.
To turn the tide against cyber criminals, it is vital to shift the burden of cost and complexity onto the attacker. The latest advances in artificial intelligence (AI) and machine learning are now allowing IT departments to do exactly that.
AI can help organisations stop phishing attacks in their tracks. Using linguistic and technical analytics algorithms, AI solutions can help identify signs of compromise with pinpoint precision. Such solutions can re-write suspect emails to disable questionable links and add user-friendly warning banners to highlight possible phishing emails to employees; thus, helping them to make informed decisions as to what they do or do not click on.
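As an added illustration, not code from this article or from any product it refers to, the following Python sketch applies the cues described above (urgency language, a request to reset a password, a sender outside the corporate domain, a link) to a constructed sample message, then performs the two mitigations the text describes: it disables the links and prepends a warning banner. The corporate domain, the term list and the sample email are all assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the article): urgent payment request, password-reset
# link, and a "senior" sender whose address is on a lookalike domain.
SAMPLE_EMAIL = """\
From: "Jane Smith (CEO)" <jane.smith@example-corp.co>
To: finance@example-corp.com
Subject: URGENT: payment needed today
Content-Type: text/plain

Please process the urgent payment before 5pm. Reset your password here:
http://example-corp-login.invalid/reset
"""

INTERNAL_DOMAIN = "example-corp.com"  # assumed corporate domain
URGENCY_TERMS = ("urgent", "immediately", "password reset",
                 "reset your password", "special offer")
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def phishing_indicators(raw):
    """Return the article's cues found in a plain-text (non-multipart) message."""
    msg = message_from_string(raw)
    text = (msg.get("Subject", "") + "\n" + msg.get_payload()).lower()
    indicators = [f"urgency language: {t}" for t in URGENCY_TERMS if t in text]
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if domain != INTERNAL_DOMAIN:
        indicators.append(f"external sender domain: {domain}")
    if URL_RE.search(msg.get_payload()):
        indicators.append("contains link")
    return indicators

def defang(url):
    """Make a URL unclickable while keeping it readable for the recipient."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")

def rewrite_suspect_email(raw):
    """Disable links and add a banner if any indicator fires; otherwise pass through."""
    indicators = phishing_indicators(raw)
    if not indicators:
        return raw
    msg = message_from_string(raw)
    body = URL_RE.sub(lambda m: defang(m.group(0)), msg.get_payload())
    banner = "[WARNING: possible phishing. Indicators: " + "; ".join(indicators) + "]\n\n"
    msg.set_payload(banner + body)
    subject = msg.get("Subject", "")
    del msg["Subject"]  # no-op if the header is absent
    msg["Subject"] = "[SUSPECTED PHISHING] " + subject
    return msg.as_string()
```

A real mail filter would combine such cues with authentication results (SPF/DKIM/DMARC) and learned models rather than a fixed term list, but the banner-and-defang step is the same.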
Crucially, the key to AI is that it is always learning. Without intervention from IT personnel, AI solutions can become more accurate over time, which means they stay one step ahead of new email phishing tactics – a complete reverse of the current situation. As a result, the IT team can focus on other, value-added activities, while the business can be confident that legitimate emails will get through without delay.
Those companies that continue to ignore the threat of phishing attacks and rely instead on employees correctly identifying and dealing with potentially dangerous emails will, at some point, inevitably become a victim. However, innovative AI technology will allow companies not only to take on the phishing threat more effectively, but to take pressure off employees, whilst freeing up the IT department to engage in other key areas of the business.