Phishing Forecast 2022: Increasing Waves of Fraud on the Horizon

Apr 25, 2022

The threat of phishing is accelerating, and most organizations have already been impacted in some way. According to the Cisco 2021 Cyber Security Threat Trends report, 86% of all organizations had at least one user try to connect to a phishing site in the past year. Given the simplicity and effectiveness of the technique, phishing now accounts for 90% of data breaches.

Virteva continues to help customers build layers of defense against the loss of data, ransomware, and fraud that typically follow a successful phishing attack. Let’s review the first five things we talk about with all organizations. In our opinion, these should be implemented immediately to mitigate the risk of phishing.

First, enable and require multi-factor authentication (MFA) for access to your organization’s systems and applications. According to the December 2021 Microsoft Cyber Signals report, basic security hygiene can protect against 98% of attacks. MFA is at the core of this basic hygiene. It is a proven way to ensure that identity theft doesn’t automatically lead to a breach, because it requires authentication through additional methods, which may include biometrics, hardware, email, PIN, push notification, phone, or other “known” attributes of the user beyond username and password.

Second, deploy technology that helps secure user interaction at the point of attack. Today 96% of all phishing attacks originate from email. From the silly to the sophisticated, basic email is the front door for so many user-originated breaches. In Office 365 Exchange Online, a very effective tool for reducing the impact of phishing is Safe Links and Safe Attachments, part of the Microsoft 365 Defender family of security tools. Nearly invisible to users, the Defender services scan the attachments and links in the email your users interact with before they are allowed to open an attachment or follow a web link.

Third, enable and configure effective anti-phishing protection policies in Exchange Online. The seemingly obvious scams, such as a mysterious prince who needs money wire transferred across the ocean and whom only you can help, have been replaced by more challenging and sometimes benign-looking requests from social engineering criminals who tailor messages to your employees. Examples include emails from one part of the business to another asking for supply chain updates, internal IT notifications about password updates, and the CEO following up on an email. Implement anti-spoofing technology, anti-user impersonation, safety tips, and other policies to make it easier to identify emails that imitate internal or partner emails.
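One way to express the policies named above in Exchange Online PowerShell, as an added example and not Virteva's or Microsoft's own configuration. The policy and rule names, the contoso.com domain, the admin account and the protected user are placeholders, and the impersonation settings assume Defender for Office 365 licensing.

```powershell
# Added example: every name, domain and user below is a placeholder.
# Requires the ExchangeOnlineManagement module and an admin sign-in.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName admin@contoso.com

$policy = @{
    Name                                = 'Baseline Anti-Phish'   # placeholder
    # Anti-spoofing: act on mail that forges internal or partner domains
    EnableSpoofIntelligence             = $true
    AuthenticationFailAction            = 'Quarantine'
    EnableUnauthenticatedSender         = $true   # "?" on the sender photo
    EnableViaTag                        = $true   # show "via" when domains differ
    # Anti-user and domain impersonation (Defender for Office 365)
    EnableTargetedUserProtection        = $true
    TargetedUsersToProtect              = 'Jane Doe;jane.doe@contoso.com'
    TargetedUserProtectionAction        = 'Quarantine'
    EnableOrganizationDomainsProtection = $true
    TargetedDomainProtectionAction      = 'Quarantine'
    # Mailbox intelligence: learn each user's usual correspondents
    EnableMailboxIntelligence           = $true
    EnableMailboxIntelligenceProtection = $true
    MailboxIntelligenceProtectionAction = 'MoveToJmf'   # Junk Email folder
    # Safety tips shown to the recipient
    EnableFirstContactSafetyTips        = $true
    EnableSimilarUsersSafetyTips        = $true
    EnableSimilarDomainsSafetyTips      = $true
    EnableUnusualCharactersSafetyTips   = $true
    PhishThresholdLevel                 = 2   # 1 = Standard ... 4 = Most aggressive
}
New-AntiPhishPolicy @policy

# A policy does nothing until a rule scopes it to recipients.
New-AntiPhishRule -Name 'Baseline Anti-Phish Rule' `
    -AntiPhishPolicy $policy.Name `
    -RecipientDomainIs 'contoso.com' `
    -Priority 0

# Check: confirm what was actually stored before relying on it.
Get-AntiPhishPolicy -Identity $policy.Name |
    Format-List Name, Enable*, *Action, PhishThresholdLevel

Disconnect-ExchangeOnline -Confirm:$false
```

Starting with quarantine rather than delete lets administrators review false positives before tightening the threshold.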

Fourth, educate your users and test them. Microsoft has some fantastic tools built into Office 365 to help IT organizations simulate phishing and enhance training. We specifically use Attack Simulation Training, and we find that with every quarter we test and train our employees, the percentage of employees who fall prey to our simulation decreases.

Last, assume a security breach at all times and build your security plan around principles such as the zero-trust model, least-privilege access, and defense in depth to protect your users’ identities from compromise. Look for more detail on each of these principles soon!

Virteva is a Microsoft Gold Partner and expert in 24x7x365 IT operations and user experience. Connect with us today to learn how we can help get your organization secured.

