According to the 2019 Verizon Data Breach Investigations Report, a full third of cyber attacks involve phishing tactics. While there is evidence that employee education and phishing prevention solutions are effective in stopping basic phishing attempts, attackers have responded by making phishing emails more sophisticated and convincing. Examples include targeted spear phishing messages based on victims’ social media posts, phishing via text messages, sextortion, and fake login pages for legitimate websites. Users are always the weakest link in security, and that’s why it’s more important than ever for organizations to train their employees to spot phishing attempts.
WatchGuard Sr. Security Researcher Marc Laliberte recently wrote a guest article about phishing education for Help Net Security. He explains why phishing education is so critical to organizations’ overall security posture and gives best practices for success, like establishing a baseline, covering text message phishing and including technical phishing controls like DNS filtering. Here’s an excerpt from the article:
“Phishing awareness training should include the latest phishing delivery method: text messages. While text message phishing tends to go after users’ bank accounts, there is nothing to stop an attacker with knowledge of a company’s organizational structure from pretending to be the CFO in an ‘urgent’ text to a finance employee.”
In South Africa, we are not immune to this problem: more and more customers experience data breaches through phishing. Organizations receive emails with an order confirmation for an order they never placed, a DHL order confirmation, or bank information that needs to be confirmed. The list goes on and on.
As always, prevention is better than cure. To improve on this, clients should consider a layered protection approach: implement spam filters, use DNS protection, and check website reputation through firewall technology.
Read the full article to get all four of Marc’s tips on phishing prevention. Read more about defending against mobile phishing and about a new phishing attack that goes after MFA tokens here on Secplicity. Check out our DNSWatch security service for details on how WatchGuard can help prevent phishing attacks.