While hackers are getting smarter and more complex, it’s vitally important to set the groundwork to avoid being a phishing victim. Here are three bulletproof ways to avoid being a phishing victim.
We’ve talked about it before and it remains true. Phishing is the #1 threat to your users regarding the protection of your organization’s data.
According to a recent study, Google researchers identified 788,000 potential victims of off-the-shelf keyloggers; 12.4 million potential victims of phishing kits; and 1.9 billion usernames and passwords exposed via data breaches and traded on black market forums. Using this dataset, they explored to what degree the stolen passwords—which originate from thousands of online services—enable an attacker to obtain a victim’s valid email credentials—and thus complete control of their online identity due to transitive trust.
Google’s analysis showed that only less than 7 percent of the passwords exposed in third-party data breaches were valid due to password reuse. Furthermore, the company’s data suggests that credential leaks are less likely to result in account takeover due to a decrease in password reuse rates.
Phishing: The #1 threat to your users
On the other hand, nearly a quarter of the passwords stolen via phishing attacks were valid, and Google believes phishing victims are 460 times more likely to have their accounts hacked compared to random users. As for keyloggers, nearly 12 percent of the compromised passwords were valid, and falling victim to such malware increases the chances of account takeovers 38 times.
How Can Organizations Help Their Users Avoid Becoming Phishing Victims?
As an organization, there are many tools and services available to help detect and remediate any cyber threats that enter your network. Cybriant has put the basic services together in one all-in-one service called CybriantXDR. It’s a comprehensive threat detection and remediation service that gives your greater visibility across your organization. Find out more here: https://cybriant.com/cybriant-xdr/.
While your organization should do everything possible to prevent data breaches, there are several ways to help your users. Here are three bulletproof ways to help your users avoid being phishing victims.
1. Zero Trust Mind Set
When you receive an unexpected email, train your employees to apply a zero-trust mindset. That means do not click on any links, no matter what. Hover over the links and confirm where it is going. Look at the sender, this is an easy way to confirm that is coming from the right person and not an alias.
If they are still unsure, be sure to have a process in place so employees can send it to your IT team so the email can be confirmed.
Cybriant’s CTO recently wrote about the anatomy of a phishing email – see that explanation here.
Andrew was able to examine the email and explore the URL in a sandbox so no harm was done. It was a very authentic-looking email that made it past several of the tools he had in place to block phishing emails as well. Luckily, he was able to avoid becoming a phishing victim and help others learn how to do the same.
2. Multi-Factor Authentication
While this is highly recommended for remote workers, MFA (Multi-Factor Authentication) is important no matter where you work.
Multi-factor authentication adds an additional layer of protection to your IT security environment on top of a strong password policy. With multi-factor authentication, employees can only gain access to systems if they give two or more pieces of identification while signing in. The most practical use of multi-factor authentication is to require a standard username and password combination in addition to a dynamic one-time passcode that only remains valid for one login session.
3. Protect All Endpoints
While all company-owned devices like laptops and cell phones should have the highest level of protection that has been specified by your organization-wide security strategy, many employees are accessing company data through personally-owned devices.
These personally-owned devices should be protected by antivirus or something similar. At Cybriant, we let everyone know that certain cyber threats can make it through traditional antivirus. It may be necessary to block access to company data on personal devices and only allow protected devices to be able to connect to certain applications.
Here are some of the threats that can make it through traditional antivirus:
Advanced Threats. Legacy antivirus depends on prior knowledge to detect threats. Adversaries have access to nation-grade hacking tools which means that new threats are detected daily. AI- and computer learning give us the ability to detect and validate suspicious activity.
Polymorphic Malware. Attackers can easily defeat signature-based antivirus tools that rely on checking a file’s hash against a known hash database.
Malicious Documents. Sometimes a maliciously formatted document is used to exploit vulnerabilities in the opening application to achieve code execution, and legacy AV cannot detect such by reputation.
Fileless Malware. Attackers have realized that traditional AV solutions have a gaping blindspot: malicious processes can be executed in memory without dropping telltale files for AV scanners to find.
Encrypted Traffic. Malicious actors can hide their activities from inspection by ensuring that traffic between the victim and attackers’ command-and-control (C2) server is protected by end-to-end encryption.
Cybriant MDR
Our team of security experts will help stop advanced threats at the endpoint with Cybriant MDR. We utilize AI-based next-gen antivirus that will help you:
PREVENT: Our expert security analysts monitor and record all the events that occur on your endpoints. Our team focuses on relevant threats that attempt data exfiltration or modification. When files attempt to execute these suspicious processes an alert is triggered and the attack is halted in real-time.
DETECT: When a credible threat is detected, our system will retrieve the process history and our team will analyze the chain of events in real-time and determine the validity of the threat. You’ll receive the alerts when threats are detected along with advice and insight from our cybersecurity team to help you mitigate and respond to the threat.
REMEDIATE: Once identified, the malicious activity is immediately stopped in its tracks, and our team guides you through the remediation. This remediation process provides astonishing insight into the data of the threat. You’ll be able to help your organization reduce their attack surface by learning how you’ve been compromised.
Consider Cybriant MDR to help you detect threats that antivirus will certainly miss. Learn more here: cybriant.com/mdr.