How to Protect Your Organization Against Targeted Phishing Attacks Overall rating: ★★★★★ 5 based on 23 reviews
5 1

BlogSimplio Labs Blog

Once we accept our limits, we go beyond them.
Albert Einstein

How to Protect Your Organization Against Targeted Phishing Attacks

Uncategorized No Comment

Phishing emails are one of the most devious and deceptive means of cyberattack. Often sneaking past automated filters, such emails use social engineering to look real and legitimate enough to trick unsuspecting users into revealing sensitive information.

Beyond automated security tools, there are more people-centric strategies that businesses should adopt to protect themselves against phishing attacks, as described in theย 2020 State of the Phish reportย released Wednesday by the security firm Proofpoint.

Based on a survey of working adults and IT professionals as well as other factors, Proofpoint’s report defines phishing as any type of socially engineered emails. The intent could be to deploy malware, direct users to dangerous websites, or collect sensitive credentials.

About 60% of the respondents said their organization faced fewer or about the same number of phishing attacks last year compared with 2018. That may seem like positive news. However, the trend is one that Proofpoint said it’s seen for a while.

Specifically, it means that cybercriminals are focusing on quality over quantity by launching more targeted, personalized attacks instead of just bulk campaigns.

Some 55% of the respondents dealt with at least one successful phishing attack in 2019. Around 54% of those hit by an attack suffered data loss, 49% saw credentials or accounts compromised, 49% were infected by ransomware, 35% were victims of some type of malware infection, and 34% suffered some type of financial loss or wire transfer fraud.

impacts-of-successful-phishing-attacks-proofpoint.jpg
Proofpoint

Organizations measure the costs of phishing attacks in a number of ways. The most common side effect was downtime hours for users, cited by more than half of the respondents. Other costs included remediation time for security teams, damage to reputation, business impacts due to loss of intellectual property, direct monetary losses, and compliance issues or fines.

how-organizations-measure-the-cost-of-phishing-proofpoint.jpg
Proofpoint

The ultimate goal of many phishing emails is ransomware. Some 33% of the organizations surveyed for the report were infected with ransomware in 2019 and opted to pay the ransom. Another 32% were infected but did not pay.

Among those that did pay the ransom, 22% never regained access to their data, 2% acquiesced to follow-up ransom demands and got back their data, but 7% were hit with additional ransom demands and never recovered their data.

Looking at attacks by a specific method of social engineering, 88% of organizations faced spear phishing attacks, 86% faced business email compromise (BEC), 86% social media-based attacks, 84% smishing (SMS/text phishing), 83% vishing (voice phishing), and 81% malicious USB drops.

To help your organization better defend itself against targeted phishing attacks, Proofpoint offers the following tips:

Commit to building a culture of security

If you want to truly make a changeโ€”meaning a mindset and behavior shift that has a positive, day-to-day impact on your organizationโ€”you must commit to bringing cybersecurity to the forefront.

Remember that anyone in your organization can be a target of a phishing scam and that anyone in your organization can help or hurt your security posture.

Everyone in your organization should know how they can be more cyber-secure. A broad, companywide security awareness training program will help you do that.

Some 78% of the organizations surveyed for the report said they found a reduction in their phishing susceptibility due to their security awareness training.

Answer the three Ws

You may be familiar with the “five Ws and H” that guide journalists, researchers, and investigators: who, what, where, when, why and how.

At a minimum, answer these three first: 1) Who in my organization is being targeted by attackers?ย The answer is not as simple as looking at the top tiers of your org chart; 2) What types of attacks are they facing?ย Knowing the lures and traps attackers are using can help you better position your defenses; and 3) How can I minimize risk if these attacks get through?ย The answer is to use the information you’ve gathered to deliver the right training to the right people at the right time.

This exercise helps you defend against your most pressing and timely threats. Assessing vulnerabilities at a more granular level and matching those up against your threat intelligence will let you pinpoint where perfect storms are brewing.

Make time for agility

When we get busy, we may want to take a “set it and forget it” approach to cybersecurity. That’s understandable. But it doesn’t work in an era of constantly shifting attack techniques and evolving threats.

Building a security culture takes continued effort and attention. Plan for regular training and reinforcement but be responsive to changes in the threat landscape (and your organization).

Attackers’ targets change over time so the firm recommends identifying the employees most actively targeted by cyberattacks on a monthly, if not weekly, basis.

By pairing granular analysis with organization-wide training, the people being targeted will have a cybersecurity foundation you can build on with additional, targeted training.

Understanding general phishing trends is important. Having benchmarks to measure your users against them is valuable. But other organizations’ data isn’t as important as your organization’s data. You must understand your own threat climate in order to change things in your environment.

“Effective security awareness training must focus on the issues and behaviors that matter most to an organization’s mission,” Joe Ferrara, senior vice president and general manager of Security Awareness Training for Proofpoint, said in a statement.

“We recommend taking a people-centric approach to cybersecurity by blending organization-wide awareness training initiatives with targeted, threat-driven education. The goal is to empower users to recognize and report attacks.”

Proofpoint’s data was based on survey results from 3,500 working adults and 600 IT security professionals from the US, UK, Australia, France, Germany, Japan, and Spain. Information also was derived from 50 million simulated phishing attacks sent by Proofpoint customers over 12 months and nine million suspicious emails reported by the end users of the company’s customers.

 

Source: Tech Republic

 

Good experience

★★★★★
5 5 1
โ€œSimplioWebStudio did a great jobโ€

Project accomplished

★★★★★
5 5 1
โ€œProject accomplishedโ€

Plugin developed successfully

★★★★★
5 5 1
โ€œPlugin developed successfullyโ€

ANOTHER SUCCESSFUL PROJECT

★★★★★
5 5 1
โ€œANOTHER SUCCESSFUL PROJECTโ€

Thank you Simplio team

★★★★★
5 5 1
โ€œGreat experienceโ€

Working with Simplio Web Studio was a fantastic experience.

★★★★★
5 5 1
โ€œWorking with Simplio Web Studio was a fantastic experience. The service provided was amazing and professional. It was a delight to work with Nir, who went the extra mile to meet our demands in a timely manner. He really made our vision a reality by creating us a classic site, but moreover the relationship we formed is something our company really appreciates. It was a pleasure working with Nir and the team at Simplio Web Studio. We highly recommend them to all and we look forward to working and doing more business with them in the future.โ€

a great project

★★★★★
5 5 1
โ€œa great projectโ€

All the best

★★★★★
5 5 1
โ€œAll the best to Simplioโ€

My website is Live

★★★★★
5 5 1
โ€œMy website is Live , thank you Simplioโ€

From beginning to end, the team at Simplio provided top of the line customer service.

★★★★★
5 5 1
โ€œFrom beginning to end, the team at Simplio provided top of the line customer service. The web developers are incredible and made sure we got exactly what we were looking for! They truly went above and beyond to make us happy and we couldnโ€™t have been more pleased with their talents. We would highly recommend them. Thanks so much Nir!โ€

After over two years of research we chose Simplio.

★★★★★
5 5 1
โ€œAfter over two years of research we chose Simplio. We are so far very satisfied. These people answered the phone on a Sunday and fixed a problem that was not even their fault. It was the host company which I had chosen that had caused our site to go down.โ€

Outstanding in both knowledge and professionalism.

★★★★★
5 5 1
โ€œOutstanding in both knowledge and professionalism. Nir and the staff at Simplio are Excellent in branding, web design and overall web presence. Definitely recommended!โ€

I cannot even imagine having another company managing my Presta shopping cart.

★★★★★
5 5 1
โ€œThey are now part of the Diastasis Rehab business team after working with them almost a year now. I cannot even imagine having another company managing my Presta shopping cart. After a bad experience with a programmer, I needed a new programmer (one that knew prestashop shopping cart) and most important one that I could trust. Finding all three was a difficult process! Lucky for me I found them. I cannot say enough about the diversity of services that this company provides. Every step of the way they make amazing suggestions to increase my sales and they get back to be right away either by email or phone. They have even created a simple and easy check out program for Presta Shop. They are actually a one stop shop! They updated my SSL, are setting up and changing my server to a dedicated one, setting up streaming of my DVD, website design, creating a specific program for address verification on Presta cart and handled the integration of Presta cart with my fulfillment house. I am now working on developing an APP with themโ€

Simplio really helped me out of a jam.

★★★★★
5 5 1
โ€œSimplio really helped me out of a jam. They did exactly what I needed on a very tight time frame (with little notice too!!!!) They are my new go-to guys for any Prestashop needs! Thanks Simplio!โ€

Excellent service!

★★★★★
5 5 1
โ€œExcellent service! Nir was exceptionally helpful in solving a lot of issues with our website and making the user experience more smooth. He understood the needs of our school and helped improve the website tremendously.โ€

impressed

★★★★★
5 5 1
โ€œWhat impressed me most about working with Simplio was their attention to detail and excellent communication. Not only are they talented developers, but, they are also pleasant to work with and highly professional. Highly recommended!โ€

professional service

★★★★★
5 5 1
โ€œWhat a profissional service Simplio offers.I hired them to rebuild my website for my business and they were creative and professional. Nir was on top of the whole project from day one, until he delivered the project on time. I will defiantly recommend Simplio to anyone who is looking for website services. From creating, designing to maintaining your image online. Good Job Nir and the rest of your group.โ€

Great Logo

★★★★★
5 5 1
โ€œGreat Logo, Very happyโ€

fantastic to work with

★★★★★
5 5 1
โ€œSimplio was fantastic to work with. They were fast, communicative and incredibly helpful to me. I highly recommend them to anyone who needs help with their digital needs!โ€

Awesome experience

★★★★★
5 5 1
โ€œAll details and requests were met in prompt an friendly manner. Would recommend on any day to anyone who wants to feel their business is in great hands.โ€