Phishing Forecast 2022: Increasing Waves of Fraud on the Horizon

Apr 25, 2022

The threat of phishing is accelerating, and most organizations have already been impacted in some way. According to the Cisco 2021 Cyber Security threat trends, 86% of all organizations had at least one user try to connect to a phishing site in the past year, and given the simplicity and effectiveness of the technique, it now accounts for 90% of data breaches.

Virteva continues to help customers build layers of defense against the loss of data, ransomware, and fraud that typically follows a successful phishing attack. Let’s review the first five things we talk about with all organizations, as these should be implemented to mitigate the risk of phishing immediately in our opinion.

First, the enable and require Multi Factor Authentication (MFA) to access your organizations systems and applications. According to the December 2021 Microsoft Cyber Signals report, basic security and hygiene can protect against 98% of attacks. At the core of this basic hygiene includes MFA, a proven way to ensure that identity theft isn’t a certain breach by requiring authentication from additional methods including possible biometric, hardware, email, pin, push notification, phone, or other “known” attributes of the user beyond username and password.

Second, deploy technology that helps secure user interaction the point of attack. Today 96% of all phishing attacks originate from email, from the silly to sophisticated, the basic email is the front door for so many user originated breaches. In Office365 Exchange Online, a very effective tool in reducing phishing impact is Safe Links and Safe Attachments, a part of the Microsoft 365 Defender family of security tools from Microsoft. Nearly invisible to users, the services of Defender are reviewing and scanning the attachments and links in the email your users are interacting with before they are allowed to open the attachment or open a weblink.

Third, enable and configure effective Anti-Phishing protection policies in Exchange Online. The seemingly obvious scams of a mysterious prince needing money wired transferred across the ocean and only you can help have been replaced by more challenging and sometimes benign looking requests from social engineering criminals tailoring messages to your employees. Emails from one part of the business to another asking for supply chain updates, internal IT notifications for password updates, the CEO following up on an email. Implement anti-spoofing technology, anti-user impersonation, safety tips, and other policies to ease the identification of emails imitating internal or partner emails.

Fourth, educate your users and test them. Microsoft has some fantastic tools built into Office 365 to help IT organizations simulate phishing and enhance training. We specifically use the Attack Simulation Training, and find that every quarter we test and train our employees, our the percentage of employees who fall prey to our simulation decreases.

Last, assume a security breach at all times and build your security plan around principles such as the zero-trust model, least-privilege access, and defense in depth security approaches to defend your user’s identity from compromise. Look for more detail on each of these principles soon!

Virteva is a Microsoft Gold Partner and expert in 24x7x365 IT operations and user experience, connect with us today to learn how we can help get your organization secured.


Latest Articles on Connected Solutions

Cloud Infrastructure Monitoring – Understand Its Importance

Cloud Infrastructure Monitoring – Understand Its Importance

In the age of digital transformation, businesses are increasingly migrating their operations to the cloud. This shift offers scalability, flexibility, and agility but also introduces a new layer of complexity: managing and monitoring your cloud infrastructure. This is...

ITService Desk Best Practices: A Guide for 2024

ITService Desk Best Practices: A Guide for 2024

In the fast-paced digital era, the service desk has evolved from a mere support function to a critical component of an organization's success. As the first point of contact for IT issues and requests, an efficient service desk can significantly enhance productivity,...

Deploying AI in Healthcare IT Operations Management

Deploying AI in Healthcare IT Operations Management

Running a healthcare business comes with a heap of admin tasks. Too much on your plate can mean less time for patients and profits. Enter AI. Tools like Microsoft Copilot are game changers, helping IT teams catch and fix issues early. They streamline your operations...