By Harish Chib, VP MEA Sophos
Phishing is one of the most common attack vectors for hackers who exploit end-user behavior as the weakest link in an organizations cyber-defense. For years, criminals have disguised attacks in email and today we see phishing emails as a primary delivery method for ransomware payloads. Phishing emails have led to massive data exposures, which caused major reputational and financial damage in the private and public sector over the last few years. As cybercriminals continue to prey on employees through their technology, they are always taking measures to be one step ahead. In an organization all it takes is one employee to take the bait.
Phishing attack prevention: How organizations must protect itself from getting hooked
Stop threats at the door
The best defense against phishing emails is your email gateway. Email protection is your watch guard, blocking 99% of unwanted email at the gateway, including malicious attachments, content, and URLs - long before an end user ever sees them.
Web filtering is another must-have as a front-line defense, filtering and blocking infected URLs should your users click an email link. And file sandboxing ensures those nasty malware laden downloads get removed from the threat chain early on.
Protect your weakest link: users
Even with the best upfront filters, attacker methods such as BEC – with no executables or links to detect – may still get through. Appropriate training and education is critical for ensuring that all your employees know how to spot and deal with these types of email messages.
Secure your last line of defense
If your click-happy end users inadvertently unleash potent, powerful malware onto your systems, there’s still ample opportunity to stop the damage – and even reverse its effects. Next-generation exploit prevention solutions will identify, analyze, and neutralize the effects of even the most advanced, unseen malware out there, and automatically clean up all trace of infection so you can get on with your day.
Know your business
Make sure your company processes are understood, that you encourage employees to question requests that seem out of character from other employees and senior managers, and perhaps most important of all, ensure you have a two-stage approval process for all significant fund transfer requests. All the defenses in the world aren’t going to stop an employee from unknowingly sending large payments to a thief without some proper checks and balances in place.
Phishing is a problem that will not go away. But you can be more cautious and train yourself to look for giveaways that will tell you if you have visited a phishing website. Cybercriminals will continue to take advantage of opportunities as long as they are getting their money. The fight is challenging but it’s something we can win.
No comments:
Post a Comment