📚 3 ways to deter phishing attacks in 2023


💡 News category: IT Security News
🔗 Source: cio.com

Retailers are not the only people looking forward to the holiday season. It will be a busy time for scammers and fraudsters too as they send out coupons, deals and offers to consumers, and even thank-you vouchers to employees, purporting to come from organizations and brands they trust.

In fact, CIO has reported that it takes only a few minutes for experienced hackers to set up a social engineering attack against enterprises (and their managed service providers) that consider themselves to be secure and protected.

Even though email phishing – deceptive messages designed to trick a person into sharing sensitive data (or even money) or inject malicious software into the recipient’s system – is one of the oldest tricks in the book, email cyberattacks account for 90% of all data breaches even today, according to research by Hoxhunt. Taken together, these attacks exact a toll of $6 trillion from the global economy.

While consumers and individuals have grown generally aware of these attacks over the years – even if they aren’t aware of the term “phishing” – they are still surprisingly common and effective.

So what are the different kinds of phishing attacks prevalent today? What methods are cybersecurity experts using to minimize the impact of these attacks? How do enterprises combat these threats at a broader scale and prevent persistent phishing attempts?

Let’s dig deeper.

1. Understand the different types of phishing attacks

Phishers use social engineering tactics via almost every communication format and connection to launch phishing attacks. Unsurprisingly, there’s more to phishing than email:

  • Email phishing: Attackers send emails with attachments that inject malware in the system when opened or malicious links that take the victim to a site where they’re tricked into revealing sensitive data.
  • Spear phishing: Attackers send emails to specific targets who they know have the information they need – such as everyone in the sales or IT department.
  • Whaling: Emails sent to senior executives such as CEOs or CFOs as part of a high-profile targeting scam.
  • Smishing: Phishing over text (SMS) messages.
  • Vishing: Voice over IP (VoIP) and Plain Old Telephone Services (POTS) are also susceptible to phishing attacks – attackers use speech synthesis software and automated calls to solicit victims to share bank details and login credentials.
  • Social media phishing: Attacks executed over social platforms such as Instagram, Twitter, Facebook, or LinkedIn – designed to take over your account or use it for posting messages as part of a larger campaign.
  • Pharming: Attackers use DNS cache poisoning (which replaces a legitimate cached IP address with a malicious one) to redirect victims to fake (but similar-looking) sites where their login credentials are captured.

2. Train employees to recognize phishing attempts

Along with being commonplace, phishing attacks have become so profitable (to the attackers) that the biggest cybercriminals have largely moved beyond individual customers. Rather, they target enterprise employees who can be duped into revealing information that’s much more sensitive, on a much larger scale.

“An example might be a bank – we don’t want to target its customers, we think that’s dumb and slow, we want to target the bank itself,” said Mike Connory, CEO at Security In Depth.

Since phishing attacks overwhelmingly target the human element, cybersecurity experts agree that the best defense against them is providing security awareness training to enterprise employees. This helps identify attacks early and improves overall security hygiene. Some basic precautions staff in all departments need to take are:

  • Keep email and website accounts (and even devices) separate for personal and work use wherever possible.
  • Know that legitimate companies will never ask for passwords, personal, financial, or corporate information. Independently confirm with the institute or organization if you can.
  • Never copy and paste links from emails; never click shortened URLs unless you trust the source.
  • Check the sender’s email address. If you don’t recognize it, be wary of opening.
  • Closely read all URLs for all sites where you log in and share, access or create sensitive data.
  • Most messages and emails from phishers contain spelling and grammar mistakes. They aren’t professionally proofread.
  • Coercive or threatening messages or calls are a red flag. Legitimate institutions won’t send such communication unless there is a legal dispute. Double check.
  • Don’t log in to WiFi networks you don’t trust.

Done correctly, these simple steps can make your staff battle-hardened defenders of your network. “You often hear that people are security’s weak link. That’s very cynical and doesn’t consider the benefits of using a company’s workforce as a first line of defense,” said Riaan Naude, Global Head of Consulting at Performanta.

“Employees can catch a significant number of threats hitting their inbox if they can follow a painless reporting process that produces tangible results,” Naude added. This is important because the reporting rate of attempted phishing incidents currently languishes at a paltry 3%.

3. Use AI-enabled software to implement anti-phishing security measures

In-house cybersecurity training is no longer a time- and skill-intensive process, given the prevalence of AI-based phishing awareness platforms. Today, ML enables gamified, personalized security training programs for each individual based on their current level of awareness, position in the organization, and browsing behavior.

Further, AI is a potent tool in the hands of cybersecurity experts. It enhances the efficiency and effectiveness of security policies by improving and automating routine threat detection procedures. AI-enabled automation can help organizations put in place a variety of anti-phishing measures:

  • Deploy anti-malware, antivirus, and anti-spam tools and keep key applications patched and updated.
  • Deploy email authentication standards on enterprise email servers to check and verify inbound emails. Protocols such as Domain-based Message Authentication, Reporting and Conformance (DMARC) help admins and users block unsolicited emails effectively.
  • Schedule regular security and phishing training for employees and remedial measures for those who fail tests.
  • Model legitimate communication within the organization – based on predictable behavior of regular users, working out patterns of interaction between various entities, and analyzing the context of messages – and assign dynamic security scores (with anomaly thresholds) to emails.
  • Integrate with cloud email services to block malicious emails that filter past platform-native security.
  • Give employees a one-click path to reporting suspicious emails, and automate the categorization, analysis and management of these emails.
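
The inbound check from the DMARC item above, as an added example that is not part of the original article: it reads the `Authentication-Results` header and counts only results stamped by the receiving organization's own mail server, because a sender can insert that header too. The server ID `mx.example.com`, the three verdicts and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV_ID = "mx.example.com"  # assumption: the ID your own boundary MTA stamps

def dmarc_verdict(raw_message: str) -> str:
    """Return 'deliver', 'review' or 'reject' for one inbound message."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    dmarc, checked_domain = None, None
    for header in msg.get_all("Authentication-Results", []):
        authserv_id, _, body = header.partition(";")
        # A sender can add this header as well, so only results stamped
        # by our own MTA count; every other instance is ignored.
        if authserv_id.lower().split()[:1] != [TRUSTED_AUTHSERV_ID]:
            continue
        found = re.search(r"\bdmarc\s*=\s*(\w+)", body, re.I)
        if found and dmarc is None:
            dmarc = found.group(1).lower()
            dom = re.search(r"\bheader\.from\s*=\s*([\w.-]+)", body, re.I)
            checked_domain = dom.group(1).lower() if dom else None
    if dmarc == "fail":
        return "reject"   # local policy assumption: drop mail that fails DMARC
    if dmarc == "pass" and checked_domain == from_domain:
        return "deliver"
    return "review"       # no trusted result, dmarc=none, or domain mismatch

# Constructed sample messages (not real traffic).
LEGIT = "\n".join([
    "Authentication-Results: mx.example.com;",
    " spf=pass smtp.mailfrom=partner.example;",
    " dmarc=pass header.from=partner.example",
    "From: Billing <billing@partner.example>",
    "Subject: Invoice 1042", "", "See attached."])
SPOOFED = "\n".join([
    "Authentication-Results: mx.example.com; dmarc=fail header.from=example.com",
    "Authentication-Results: mail.sender.invalid; dmarc=pass header.from=example.com",
    "From: IT Helpdesk <helpdesk@example.com>",
    "Subject: Password expiry", "", "Click here."])
UNVERIFIED = "\n".join([
    "Authentication-Results: mail.sender.invalid; dmarc=pass header.from=example.com",
    "From: IT Helpdesk <helpdesk@example.com>",
    "Subject: Password expiry", "", "Click here."])

if __name__ == "__main__":
    for name, raw in [("legit", LEGIT), ("spoofed", SPOOFED), ("unverified", UNVERIFIED)]:
        print(name, "->", dmarc_verdict(raw))
```

The boundary mail server should also strip any inbound `Authentication-Results` header that already claims its own ID, so that a forged copy can never be mistaken for a trusted one.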

People-first phishing defense

While the effectiveness of any and all security measures depends on people, processes and technology, phishing can be defeated by the very tactic it thrives on: social engineering. Solutions that help people become smarter, sentient, resilient and responsive will win the day against the most advanced phishing attempts. Why not arm your team to be the winning one?
