Timothy Neilen

Phishing - don't get caught!

This article was originally written for publication on the company blog at answers IT, and has been cross-posted here.

Email is an indispensable communication tool, but unfortunately many attacks also originate in email. According to the OAIC Notifiable Data Breaches Quarterly Statistics Report, published on 31 July 2018, the majority of cyber incidents were linked to the compromise of credentials through phishing (29%), followed closely by brute-force attacks (14%). More staggering is the total of breaches by unknown methods (34%).

Phishing is a play on the word “fishing”. The bait is often an email or social media message from a spammer; the fish are the unsuspecting victims who act on them. Spammers send out millions of messages, but only a few need to bite…

For the majority of our clients, we recommend Office 365 to provide email services. Office 365 includes protection mechanisms (Exchange Online Protection) to prevent malware from being introduced into Office 365 by a client or by an Office 365 server. However, this isn’t the only defense you should have to protect yourself.

In addition to your mail provider's standard protection or filtering, there are additional layers that can be added to protect your business from email-based attacks. When it comes to security, layering multiple complementary solutions is the best approach.

Advanced Threat Protection

The next layer in your stack should be Advanced Threat Protection (ATP). ATP extends this protection through a feature called Safe Attachments, which protects against unknown malware and viruses, and provides better zero-day protection to safeguard your messaging system. All messages and attachments that don’t have a known virus/malware signature are routed to a special virtualised environment, where a behavior analysis is performed using a variety of machine learning and analysis techniques to detect malicious intent.

Attackers sometimes try to hide malicious URLs behind seemingly safe links that are redirected to unsafe sites by a forwarding service after the message has been received. ATP Safe Links proactively protects you if you do visit a malicious URL. That protection remains every time you click the link: malicious links are dynamically blocked while good links remain accessible.

ATP also offers rich reporting and tracking capabilities, which allow us to analyse who is being targeted and what sort of attack vectors are being used. They also allow us to determine who has clicked on unsafe links, leading to conversations and training about remaining vigilant.

Additional Complementary Solutions

Additional layers that can be useful in protecting against email-borne attacks include solutions such as Anti-Virus/Anti-Malware, Managed DNS Security and Intrusion Detection systems.

Humans are layers, too!

Even with the above solutions in place, there’s one final layer that needs to be considered: you!

When reading emails, the first things that are likely to get our attention are the sender’s name, email, and subject. It may come as a surprise that spoofing these is an easy thing to do. Even if you know the source of the email, if something looks suspicious, report it to answers IT - we would much rather take a quick call and give you the “all OK”, avoiding hours upon hours of trying to recover from a potential breach. Plus it’ll save your company from having to go through the painstaking and embarrassing Notifiable Data Breaches Reporting process.
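Because the visible sender name and address can be spoofed, the message headers are a better place to look. The following is an added example, not part of the original article: a Python check that flags the common signs of a spoofed sender. The sample message, its domains, and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every name and domain here is a placeholder.
SAMPLE = '''\
From: "Accounts Payable <accounts@example.com>" <billing@example.net>
Reply-To: payments@example.org
To: staff@example.com
Subject: Overdue invoice
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.net; dkim=none; dmarc=fail header.from=example.net

Please see the attached invoice.
'''

def domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def sender_warnings(raw):
    """Return a list of reasons the visible sender of a raw message is suspect."""
    msg = message_from_string(raw)
    display, from_addr = parseaddr(msg.get("From", ""))
    warnings = []
    # 1. The display name shows an address from a different domain than the
    #    real From address (many mail clients show only the display name).
    shown = re.search(r"[\w.+-]+@[\w.-]+", display)
    if shown and domain(shown.group()) != domain(from_addr):
        warnings.append("display-name-mismatch")
    # 2. Replies would be delivered to a different domain than the sender's.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and domain(reply_addr) != domain(from_addr):
        warnings.append("reply-to-mismatch")
    # 3. The receiving server recorded an SPF, DKIM or DMARC result other
    #    than "pass". Only trust this header when your own mail server added it.
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    for mech in ("spf", "dkim", "dmarc"):
        found = re.search(r"\b%s=(\w+)" % mech, results)
        if found and found.group(1) != "pass":
            warnings.append("%s=%s" % (mech, found.group(1)))
    return warnings

if __name__ == "__main__":
    for warning in sender_warnings(SAMPLE):
        print("WARNING:", warning)
```

An empty list means none of these three checks fired; it does not mean the message is safe, so anything that still looks suspicious should be reported.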