Phishing attacks are relatively simple and inexpensive to carry out. How can security leaders deal with surging phishing attacks amid an uncertain market scenario?
In this digital era, most cyberattacks start with phishing, and for threat actors, it is a no-brainer. With more people working remotely, distractions are inevitable, making people less likely to pay attention to security basics. As a result, more CISOs are prioritizing security awareness programs as a critical, multi-layered defense strategy.
Phishing is not limited to corporate email. SlashNext reported detecting about 21,000 new phishing attacks a day, many of which have moved beyond corporate email or simple credential theft. Cybercriminals are clearly making the most of this unprecedented time with a variety of scams.
Given the current security landscape, more organizations are implementing AI solutions to predict phishing threats and protect their users from them. However, attackers are trying innovative ways to evade such detection, and ultimately, there are almost twice as many threats in 2020 as a year ago!
Business email compromise (BEC) attacks are also surging across industries. According to Abnormal Security, BEC attacks have surged around 15% quarter-over-quarter, driven by an explosion in payment and invoice fraud. Business leaders therefore need to upgrade their security tools to combat these threats.
Because these attacks are refined and target-specific, the sudden rise could indicate that cybercriminals are able to scale. The same study noted that COVID-19-associated credential-phishing attacks decreased by 82%. However, payment fraud continues to exploit the distress, uncertainty, and doubt in the marketplace, increasing by 81%.
As mentioned in the report, “Ongoing quarterly increases in BEC attack volumes should be a top concern to enterprises, with a 15% increase from Q2 to Q3. Since BEC attacks are targeted and sophisticated, this increase could indicate an ability for threat actors to scale that may overwhelm some businesses.”
To be on the safe side, CISOs are gearing up to be more diligent in the short, mid, and long term. Businesses need to have a comprehensive, multi-layer phishing defense approach in place outside the firewall. Bigger organizations are already protecting mobile devices and PC endpoints with end-to-end encryption.
Experts suggest that business leaders will need to be mindful of how users’ personal online behavior affects their corporate devices. With more employees working remotely, people are using the same devices and the same credentials across personal as well as business accounts.
Indeed, AI-enabled defenses can successfully fight AI-enabled attacks, provided a pre-emptive security posture is in place. Certain attacks will, unsurprisingly, breach all security defenses, so CISOs must be mentally prepared to detect and respond quickly and perform the obligatory clean-up.