SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Phishing attacks are making a comeback
Tue, 21st Jun 2022
FYI, this story is more than a year old

Phishing attacks are on the rise in Australia. First observed here in 2003, the rapid shift to digital services and eCommerce due to the pandemic has presented bad actors with a raft of new opportunities to attack the vulnerable.

No matter what approach or tool cybercriminals use to breach a network, they all have one thing in common: access. Compromised credentials are one of the most popular ways that adversaries penetrate a network, and are the reason behind 61% of breaches. Hackers can gain login information through a variety of methods, but phishing schemes remain the most commonly used and trusted method. Companies are aware of this fact, yet they continually fail at adequately protecting systems.

Phishing attacks are so successful because they rely on exploiting the common human element of trust. These attacks usually appear as a benign email message from a supposed colleague, or perhaps a leader within an organisation – someone in a position of trust, in other words. Other times they may appear to be from a recognised partner or end user.

However, through the fog of a carefully crafted message, a cyber adversary eagerly waits for a target to fall victim to their trap. Although phishing attacks are highly documented, it remains a serious and effective method of attack against non-security professionals. In fact, email-based phishing attacks have only gone up. In 2021, 86% of organisations experienced a successful phishing attack – up 36% from 2020.

One major contributing factor in the increase in email phishing attacks is remote work. Unfortunately, dispersed workforces carry corresponding security complications. During the past two years, the security perimeter has disolved and corporate networks have evolved from strictly on-premises to the cloud, enabling employees to work from anywhere around the world. It is important to note that remote/hybrid work has blurred the lines between personal and professional life.

To avoid phishing scams, organisations must invest in educating employees on recognising the early signs of phishing scams, how to differentiate phishing, and good cybersecurity practices. However, it is also essential that modernised solutions are implemented in place as a backbone of an organisation's cybersecurity posture.

Staying cyber smart against competent criminals

Rather than retreating to legacy solutions and failed strategies, companies should rethink using proactive techniques for addressing cyber threats head-on. Human error is also frequently to blame for as many as 95% of data breaches. In this case, security leaders need to understand what constitutes a normal level of activity for their networks, and how to identify abnormalities that should be flagged for detection, investigation, and containment, in order to prevent any damage to business systems.

A recent example of why this visibility is important is the devastating SolarWinds breach, in which cyber criminals went undetected inside network systems for 6 months. This incident was a wakeup call to the cybersecurity industry, and one which hopefully drives people to take a proactive approach to cybersecurity. Cyber criminals can remain undetected on internal systems for months if adequate detection solutions are not in place.

Having a threat detection, investigation, and response (TDIR) solution in place can help an organisation to remain protected in the current threat climate. Allowing for a mix of behavioural analytics and smart cyber hygiene can prevent credential-based attacks and hostile lateral movements across the network. TDIR system solutions allow organisations to create a baseline of normal behaviour through machine learning technologies. Security teams can thus spot abnormalities faster and can implement security protocols.

Another step to preventing phishing attacks is for organisations to empower the workforce using proactive measures to bolster security defences. Employees remain a critical aspect of a company's security posture, and having security teams regularly monitor behavioural analytics while also educating employees on password best practices can go a long way toward ensuring the organisation is protected. Best practices include changing passwords regularly or using password vaults, enabling multi-factor authentication, or using adaptive authentication. Employees who routinely implement these and other cyber hygiene practices for both personal and professional accounts minimise the risk of being victims of a phishing attack.

Finally, security leaders can implement a regular cybersecurity awareness training program. The key to developing an effective security awareness training program is to make it accessible to all departments within the organisation. This can be done through brief or bite-sized knowledge sharing that provides examples of what employees can, and should, be doing to maintain a responsible security posture online. A proactive, joint approach to cybersecurity can be a boon for growth of the organisation.