Think your company is entirely impervious to phishing? Think again. Network security may have evolved, but so have the criminals it’s trying to stop. In 2019, phishing took on a new and more sinister tone. It’s called spear phishing, and companies need to be on the lookout for it.
Phishing involves sending counterfeit emails disguised as legitimate communications from organizations like banks or business services. Carefully crafted to look like the real deal, they attempt to trick employees and private citizens into handing over login credentials. Phishers are betting that people expect these communications and won’t look too closely at the actual email.
They work. Cisco estimates that 85 percent of all email was spam, much of it phishing. As most companies rely on emails to communicate, phishing represents a serious concern. Read on to learn about phishing’s more specialized cousin, spear phishing, and how to protect against this latest redesign of one of the oldest cyberattack strategies in the book.
Spear-Phishing: A New Take on an Old Trick
According to Cisco, spear-phishing is a specialized form of phishing. Rather than being sent as a blanket email to a list of targets, a spear-phishing email is explicitly tailored to the recipient.
The cybercriminal conducting the spear-phishing will spend time researching both the company itself and the individuals who are most susceptible to an attempt. Exactly who that person is may vary, and no one is notably safer or more at risk. Cisco discovered that CEOs and high-level executives were just as likely to be targets of spear-phishing attempts as lower-level employees.
Likewise, the nature of a spear-phishing email will change according to the target. High-level executives frequently received spear-phishing emails mimicking investment firms, banks, or business services. Lower-level employees, however, received something substantially more frightening: the business email compromise (BEC) attack.
BEC attacks are a spear-phishing tactic in which the attacker spoofs the email of an executive or high-level manager in a company and sends an email to an employee instructing them to carry out seemingly legitimate business functions. According to Cisco, 2019 saw an uptick in this new type of attack.
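The BEC pattern described above leaves traces in message headers that a mail filter or analyst can check. The following is an added example, not part of the original article; the executive name, the `example.com` domain, the 0.8 similarity threshold, and both sample messages are constructed assumptions.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: hypothetical executive directory and mail domain.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"dana whitfield": "dana.whitfield@example.com"}

def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def bec_indicators(raw_message):
    """Return the BEC warning signs present in one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    dom = _domain(addr)
    findings = []
    # Executive's name on the From line, but not the executive's real address.
    real = EXECUTIVES.get(" ".join(name.lower().split()))
    if real and addr.lower() != real:
        findings.append("display-name-impersonation")
    # Sender domain that is not ours but is nearly identical to it.
    similar = SequenceMatcher(None, dom, COMPANY_DOMAIN).ratio() >= 0.8
    if dom != COMPANY_DOMAIN and similar:
        findings.append("lookalike-domain")
    # Replies silently routed to a different domain than the visible sender.
    if reply_to and _domain(reply_to) != dom:
        findings.append("reply-to-mismatch")
    # DMARC verdict recorded by the receiving mail server.
    if "dmarc=fail" in msg.get("Authentication-Results", "").lower():
        findings.append("dmarc-fail")
    return findings

# Constructed sample messages (not real mail).
SPOOFED = "\n".join([
    'From: "Dana Whitfield" <dana.whitfield@examp1e.com>',
    "Reply-To: dwhitfield.office@mailbox.invalid",
    "Subject: Urgent wire transfer today",
    "Authentication-Results: mx.example.com; dmarc=fail header.from=examp1e.com",
    "", "Please process the attached invoice before noon."])
LEGITIMATE = "\n".join([
    'From: "Dana Whitfield" <dana.whitfield@example.com>',
    "Subject: Q3 planning",
    "Authentication-Results: mx.example.com; dmarc=pass header.from=example.com",
    "", "Agenda attached."])

if __name__ == "__main__":
    print(bec_indicators(SPOOFED), bec_indicators(LEGITIMATE))
```

Any single indicator is only a reason to verify the request through another channel; a message from a compromised internal mailbox would show none of them.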
Tips for Preventing Spear Phishing
Phishing is getting harder to prevent because cybercriminals are getting craftier. If the spate of BEC attacks this year is any indication, hackers are willing to spend the time and effort to research their targets to create a targeted email that slips right past even the most advanced security.
However, there are still tactics companies can implement to prevent spear phishing attempts from being successful. Some countertactics include:
- Establish an email communication policy: Provide clear guidelines to employees regarding who might email them, when, and why. Instruct employees never to click links or forward confidential information via email. Provide a list of safe login URLs for any business services.
- Use multi-factor authentication on accounts: Mandate the use of multi-factor authentication so that even if login credentials fall into the wrong hands, attackers will be unable to access accounts without the additional step.
- Confirm suspicious emails before interacting with them: Train employees to reach out to colleagues in other ways if they feel that an email they’ve received is illegitimate.
- Educate staff frequently: Yearly refreshers on cybersecurity and internet safety aren’t enough. Aim to provide short refreshers at least every few months.
How Managed IT Services Can Help
Managed IT services can be a smart move for companies seeking to augment their email security. With the help of these seasoned professionals, companies can beef up their network security. They’ll always be on the lookout to thwart, prevent, and even deter cybercriminals. Managed IT services can:
- Deploy more sophisticated cybersecurity strategies, such as the use of artificial intelligence to identify and block spear phishing attacks.
- Properly configure email and internet servers to prevent or quickly spot and remove unauthorized connections.
- Free up the internal IT department to focus on other aspects of the company’s IT infrastructure.
- Help promote security best practices and the creation of a security-oriented company culture.
ImageNet Helps Companies Avoid Getting Duped
Phishing is one of the oldest tricks in the book, originating in the early 1990s when email gained popularity. Today, phishing attacks have evolved into a set of sophisticated strategies that are increasingly difficult to spot. The latest evolution of phishing, spear-phishing, is a dangerous tactic capable of fooling even the most diligent of email recipients. It also shows that a company’s data is so valuable that hackers will spend the energy necessary to create a cleverly crafted email that works.
ImageNet Consulting helps companies secure their networks and prevent cyberattacks of all kinds. Start a conversation with us today to discuss your company’s unique cybersecurity needs.