Phishing Forecast 2022: Increasing Waves of Fraud on the Horizon

Apr 25, 2022

The threat of phishing is accelerating, and most organizations have already been impacted in some way. According to the Cisco 2021 Cyber Security threat trends, 86% of all organizations had at least one user try to connect to a phishing site in the past year. Given the simplicity and effectiveness of the technique, it now accounts for 90% of data breaches.

Virteva continues to help customers build layers of defense against the loss of data, ransomware, and fraud that typically follow a successful phishing attack. Let’s review the first five things we talk about with all organizations; in our opinion, these should be implemented immediately to mitigate the risk of phishing.

First, enable and require multi-factor authentication (MFA) to access your organization’s systems and applications. According to the December 2021 Microsoft Cyber Signals report, basic security hygiene can protect against 98% of attacks. At the core of this basic hygiene is MFA, a proven way to ensure that identity theft doesn’t automatically lead to a breach, by requiring authentication through additional methods such as biometrics, hardware, email, PIN, push notification, phone, or other “known” attributes of the user beyond username and password.

Second, deploy technology that helps secure user interaction at the point of attack. Today 96% of all phishing attacks originate from email. From the silly to the sophisticated, basic email is the front door for so many user-originated breaches. In Office 365 Exchange Online, very effective tools for reducing the impact of phishing are Safe Links and Safe Attachments, part of the Microsoft 365 Defender family of security tools from Microsoft. Nearly invisible to users, the Defender services scan the attachments and links in the email your users are interacting with before they are allowed to open the attachment or follow the link.

Third, enable and configure effective anti-phishing protection policies in Exchange Online. The seemingly obvious scams of a mysterious prince who needs money wire-transferred across the ocean, and only you can help, have been replaced by more challenging and sometimes benign-looking requests from social engineering criminals who tailor messages to your employees. Examples include emails from one part of the business to another asking for supply chain updates, internal IT notifications for password updates, and the CEO following up on an email. Implement anti-spoofing technology, anti-user impersonation, safety tips, and other policies to make it easier to identify emails imitating internal or partner emails.
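As an added illustration of the third recommendation (this is not Virteva's or Microsoft's own configuration), the Exchange Online PowerShell sketch below first audits existing anti-phishing policies for the protections named above and then creates a policy with them enabled. The admin account, policy and rule names, protected user, and the `contoso.example` domain are constructed placeholders, and the impersonation settings assume Defender for Office 365 licensing.

```powershell
# Added example, not from the original article. Assumes the ExchangeOnlineManagement
# module and an admin session; impersonation settings assume Defender for Office 365.
# Every name, address and domain below is a constructed placeholder.
Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.example'

# 1. Audit: for each existing anti-phishing policy, list which protections are off.
$checks = @(
    'EnableSpoofIntelligence'              # anti-spoofing
    'EnableTargetedUserProtection'         # user impersonation
    'EnableOrganizationDomainsProtection'  # impersonation of your own domains
    'EnableMailboxIntelligence'
    'EnableSimilarUsersSafetyTips'         # safety tips
    'EnableFirstContactSafetyTips'
)
Get-AntiPhishPolicy | ForEach-Object {
    $existing = $_
    $off = $checks | Where-Object { -not $existing.$_ }
    [pscustomobject]@{ Policy = $existing.Name; Disabled = ($off -join ', ') }
} | Format-List

# 2. Create a policy with spoofing, impersonation and safety-tip protections on.
$settings = @{
    Name                                = 'Example Anti-Phish Policy'
    EnableSpoofIntelligence             = $true
    AuthenticationFailAction            = 'Quarantine'
    EnableUnauthenticatedSender         = $true
    EnableTargetedUserProtection        = $true
    TargetedUsersToProtect              = 'Example CEO;ceo@contoso.example'
    TargetedUserProtectionAction        = 'Quarantine'
    EnableOrganizationDomainsProtection = $true
    TargetedDomainProtectionAction      = 'Quarantine'
    EnableMailboxIntelligence           = $true
    EnableMailboxIntelligenceProtection = $true
    EnableSimilarUsersSafetyTips        = $true
    EnableSimilarDomainsSafetyTips      = $true
    EnableUnusualCharactersSafetyTips   = $true
    EnableFirstContactSafetyTips        = $true
}
New-AntiPhishPolicy @settings

# 3. A custom policy is applied to recipients through a rule.
New-AntiPhishRule -Name 'Example Anti-Phish Rule' -AntiPhishPolicy $settings.Name `
    -RecipientDomainIs 'contoso.example' -Priority 0
```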

Fourth, educate your users and test them. Microsoft has some fantastic tools built into Office 365 to help IT organizations simulate phishing and enhance training. We specifically use the Attack Simulation Training, and find that every quarter we test and train our employees, the percentage of employees who fall prey to our simulation decreases.

Last, assume a security breach at all times and build your security plan around principles such as the zero-trust model, least-privilege access, and defense-in-depth security approaches to defend your users’ identities from compromise. Look for more detail on each of these principles soon!

Virteva is a Microsoft Gold Partner and expert in 24x7x365 IT operations and user experience. Connect with us today to learn how we can help get your organization secured.

 
