From ransomware to SolarWinds, the cybersecurity space has been as hectic as ever over the past 12 months. However, for all of the emerging threats on the horizon, phishing – one of the oldest pain points in cybersecurity – continues to wreak havoc for enterprises around the world.
It’s often overlooked in terms of media hype, but phishing has been a mainstay in the cybersecurity threat landscape for decades. In fact, 43 percent of cyberattacks in 2020 featured phishing, while 74 percent of US organisations experienced a successful phishing attack last year alone. And globally, cybercriminals exploited public fears over the COVID-19 pandemic to find new phishing victims.
Phishing remains one of the most serious risks to an organisation’s cybersecurity health, but with proper anti-phishing hygiene and best practices in place, you can shore up your defences. Here are three simple tips to help you deal with phishing threats…
Phishing scammers are masters of making their content and interactions appealing. From content design to language, it can be difficult to discern whether content is genuine or a potential threat, which is why it’s crucial to look for the red flags.
Unusual formatting, overly explicit call-outs to click on a hyperlink or open an attachment, and subject lines that create a sense of urgency are all warning signs. Emails with these hallmarks should be treated with caution. And if you suspect a phishing attempt, contact your IT department immediately.
Cybercriminals may impersonate someone you already know – such as a colleague, service provider or friend – as a way to trick you into believing that their malicious content is trustworthy. Don’t fall for it.
If an email is out of place, or unusual, reach out directly to the sender to confirm whether the content is authentic and safe. If not, break off communication immediately and flag the incident through the proper channels at your workplace.
Threat actors have diversified their phishing efforts beyond traditional email. For example, voice phishing – or vishing – has become a primary alternative for scammers looking to gather sensitive information from unsuspecting individuals.
Similar to conventional phishing, vishing is typically executed by individuals posing as legitimate contacts – like healthcare providers or insurers – and asking for sensitive data. It’s imperative for individuals to be wary of any sort of communication that asks for personal information (via email, phone or chat), especially if the communication is unexpected. If anything seems suspicious, break off the interaction immediately and contact the company directly to confirm the authenticity of the communication.
Phishing may be “one of the oldest tricks in the book”, but it is still incredibly effective and increasingly widespread. By exercising caution and vigilance, and by deploying these few fundamentals, you can reduce your chances of falling victim to a phishing attack.
This article has been adapted from Cyber Security Awareness Month resources supplied by the event organisers, and is published here with permission. References include:
BUI is proud to be a 2021 Cyber Security Awareness Month Champion Organisation. Follow along on Facebook, LinkedIn and Twitter for more security tips throughout October!
Our Cyber SoC leverages state-of-the-art Microsoft Security technology – including Azure Sentinel – to continuously monitor connected environments.
With cloud-powered data processing, cyberthreats are detected, analysed, and managed in near real-time to provide comprehensive, end-to-end protection.
BUI is proud to announce its commitment to Cybersecurity Awareness Month, held annually in October, by signing up as a Champion organisation and joining a growing global effort to promote awareness of online safety and privacy.
This year, Champion organisations include technology companies Cisco, Kaspersky, McAfee, and Palo Alto Networks, as well as industry heavyweights like General Motors.
The Cybersecurity Awareness Month Champion programme is a collaborative effort among businesses, government agencies, tertiary education institutions, associations, and non-profit organisations and individuals committed to the 2020 Cybersecurity Awareness Month theme of “Do Your Part – #BeCyberSmart”. The programme aims to empower individuals and organisations to own their role in protecting their part of cyberspace.
The overarching message of this year’s theme – “If You Connect It, Protect It” – dives into the importance of keeping connected devices safe and secure from outside influence.
More than ever before, connected devices have been woven into society as an integral part of how people communicate and access services essential to their well-being. Data collected from these devices can detail highly specific information about a person or business which can be exploited by threat actors for their personal gain. Cybersecurity Awareness Month aims to shed light on these security vulnerabilities, while offering guidance around simple security measures to limit the risks for commonly used devices like smartphones, tablets, and laptops.
This year, Cybersecurity Awareness Month will feature four main focus areas:
If everybody does their part – by implementing stronger security practices, raising community awareness, educating vulnerable audiences, and training employees – then our interconnected world will be safer and more resilient for everyone.
Cybersecurity Awareness Month continues to build momentum and impact with the ultimate goal of providing everyone with the information they need to stay safer and more secure online. The initiative, which is led by the National Cyber Security Alliance (NCSA) and the Cybersecurity and Infrastructure Agency (CISA) of the United States Department of Homeland Security, is in its 17th year.
Visit staysafeonline.org for more information about Cybersecurity Awareness Month 2020, and follow BUI on Facebook, LinkedIn, and Twitter for daily cybersecurity resources! Throughout October, we will be sharing tips to help you and your teams be safer and more secure online.
Join our own Wayne Nel and Cyber Risk Aware CEO Stephen Burke for an exclusive live webinar on Thursday 15 October 2020.
Creating Your Human Firewall will show you how to transform your employees into cyber defenders. Reserve your seat!