Phishing Forecast 2022: Increasing Waves of Fraud on the Horizon

Apr 25, 2022

The threat of phishing is accelerating, and most organizations have already been impacted in some way. According to Cisco's 2021 Cyber Security Threat Trends report, 86% of all organizations had at least one user try to connect to a phishing site in the past year. Given the simplicity and effectiveness of the technique, phishing now accounts for 90% of data breaches.

Virteva continues to help customers build layers of defense against the loss of data, ransomware, and fraud that typically follow a successful phishing attack. Let's review the first five things we talk about with all organizations. In our opinion, these should be implemented immediately to mitigate the risk of phishing.

First, enable and require multi-factor authentication (MFA) to access your organization's systems and applications. According to the December 2021 Microsoft Cyber Signals report, basic security hygiene can protect against 98% of attacks. At the core of this basic hygiene is MFA, a proven way to ensure that identity theft does not automatically lead to a breach. It does this by requiring authentication through additional methods, such as biometrics, hardware, email, PIN, push notification, phone, or other "known" attributes of the user beyond username and password.

Second, deploy technology that helps secure user interaction at the point of attack. Today 96% of all phishing attacks originate from email. From the silly to the sophisticated, basic email is the front door for many user-originated breaches. In Office 365 Exchange Online, Safe Links and Safe Attachments, part of the Microsoft 365 Defender family of security tools, are very effective at reducing the impact of phishing. Nearly invisible to users, these Defender services scan the attachments and links in the email your users interact with before they are allowed to open an attachment or follow a web link.

Third, enable and configure effective anti-phishing protection policies in Exchange Online. The seemingly obvious scams, such as a mysterious prince who needs money wire-transferred across the ocean and whom only you can help, have been replaced by more challenging and sometimes benign-looking requests from social engineering criminals who tailor messages to your employees. Examples include emails from one part of the business to another asking for supply chain updates, internal IT notifications about password updates, and the CEO following up on an email. Implement anti-spoofing technology, user impersonation protection, safety tips, and other policies to make it easier to identify emails that imitate internal or partner emails.
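As an added example (not from the original article or from Microsoft), the following PowerShell audit lists every Exchange Online anti-phishing policy that has one of these protections switched off. It assumes the ExchangeOnlineManagement module and Defender for Office 365 licensing; the admin account name is a placeholder.

```powershell
# Added example: audit Exchange Online anti-phishing policies for the
# protections named above (anti-spoofing, impersonation, safety tips).
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.example'  # placeholder account

# Settings a hardened policy is expected to have switched on.
$expected = @(
    'EnableSpoofIntelligence',              # anti-spoofing
    'EnableUnauthenticatedSender',          # marks senders that fail authentication
    'EnableTargetedUserProtection',         # user impersonation protection
    'EnableOrganizationDomainsProtection',  # impersonation of your own domains
    'EnableMailboxIntelligence',
    'EnableMailboxIntelligenceProtection',
    'EnableFirstContactSafetyTips',
    'EnableSimilarUsersSafetyTips',
    'EnableSimilarDomainsSafetyTips',
    'EnableUnusualCharactersSafetyTips'
)

$findings = foreach ($policy in Get-AntiPhishPolicy) {
    foreach ($setting in $expected) {
        if ($policy.$setting -ne $true) {
            [pscustomobject]@{ Policy = $policy.Name; Finding = "$setting is not enabled" }
        }
    }
    # User impersonation protection with an empty user list protects nobody.
    if ($policy.EnableTargetedUserProtection -and -not $policy.TargetedUsersToProtect) {
        [pscustomobject]@{ Policy = $policy.Name; Finding = 'TargetedUsersToProtect is empty' }
    }
}

if ($findings) {
    $findings | Sort-Object Policy | Format-Table -AutoSize
} else {
    'All anti-phishing policies have the expected protections enabled.'
}

Disconnect-ExchangeOnline -Confirm:$false
```

A custom policy only takes effect once an anti-phishing rule assigns it to recipients, so review the output of `Get-AntiPhishRule` alongside these findings.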

Fourth, educate your users and test them. Microsoft has some fantastic tools built into Office 365 to help IT organizations simulate phishing and enhance training. We specifically use Attack Simulation Training, and we find that with every quarter we test and train our employees, the percentage of employees who fall prey to our simulation decreases.

Last, assume a security breach at all times and build your security plan around principles such as the zero-trust model, least-privilege access, and defense in depth to defend your users' identities from compromise. Look for more detail on each of these principles soon!

Virteva is a Microsoft Gold Partner and an expert in 24x7x365 IT operations and user experience. Connect with us today to learn how we can help get your organization secured.
