Intelligent CISO Issue 71 | Page 72

end-point

ANALYSIS

FIVE TIPS TO STAY OUT OF THE PHISHING TRAP

Bashar Bashaireh, Managing Director, Middle East and Turkey, Cloudflare, outlines key recommendations that will help organisations stay out of the phishing trap.

Email is the most exploited business application. It is the primary initial attack vector for cybersecurity incidents, and it carries vast amounts of trade secrets, PII, financial data and other sensitive material of value to attackers.

On top of that, email is one of the hardest applications to secure. If it were simple, there would be fewer headlines about business email compromise (BEC) losses topping US$50 billion, and fewer breaches resulting from someone falling for a phish. Once an attacker has compromised a single email account, they can move laterally and impact a wide range of internal systems.
Phishing is as common in the public sector as in the private sector, and besides the obvious financial implications there is also the damage to the reputation of the enterprise.
Cloudflare recently published its 2023 Phishing Threats Report. The three key takeaways are:
• Attackers use links as the number one phishing tactic, and are evolving both how they get you to click and when they weaponise the link.
• Identity deception takes multiple forms and can easily bypass email authentication standards.
• Attackers may pretend to be hundreds of different organisations, but they primarily impersonate the entities we trust (and need in order to get work done).
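The second takeaway deserves a concrete illustration. The Python below is an added example, not code from Cloudflare or from the report: it parses the headers of two constructed messages (hypothetical domains, constructed Authentication-Results lines) and shows that SPF, DKIM and DMARC all pass for an attacker who simply controls a lookalike domain, so the checks that actually surface the impersonation are the ones layered on top: brand matching against the display name, confusable-character folding of the From domain, and a Reply-To that diverts the conversation. The trusted-domain list and the confusables table are assumptions for the example.

```python
"""Added example: why an SPF/DKIM/DMARC "pass" is not proof of sender identity.

Domains, headers and the trusted list below are constructed for illustration;
this is not Cloudflare's code or the report's methodology.
"""
import email
import re
import unicodedata
from email import policy
from email.utils import parseaddr

# Assumption: domains the recipient organisation treats as known/trusted brands.
TRUSTED_DOMAINS = {"cloudflare.com"}

# ASCII substitutions attackers use when registering lookalike domains.
# Non-ASCII homoglyphs (e.g. Cyrillic letters) need a full confusables table;
# NFKC below only folds compatibility forms such as fullwidth characters.
CONFUSABLES = {"rn": "m", "vv": "w", "0": "o", "1": "l", "3": "e", "5": "s", "7": "t"}

# Constructed sample 1: the attacker's own domain authenticates perfectly, while
# the display name and domain imitate a trusted brand and replies go elsewhere.
SAMPLE_PHISH = (
    "Authentication-Results: mx.example.com;\n"
    " spf=pass smtp.mailfrom=c1oudflare-billing.com;\n"
    " dkim=pass header.d=c1oudflare-billing.com;\n"
    " dmarc=pass header.from=c1oudflare-billing.com\n"
    'From: "Cloudflare Billing" <invoices@c1oudflare-billing.com>\n'
    "Reply-To: payments@free-mail.example\n"
    "To: ap@example.com\n"
    "Subject: Invoice overdue - action required\n"
    "\n"
    "Please settle the attached invoice today.\n"
)

# Constructed sample 2: identical authentication verdicts, genuinely from the brand.
SAMPLE_LEGIT = (
    "Authentication-Results: mx.example.com;\n"
    " spf=pass smtp.mailfrom=cloudflare.com;\n"
    " dkim=pass header.d=cloudflare.com;\n"
    " dmarc=pass header.from=cloudflare.com\n"
    'From: "Cloudflare" <noreply@cloudflare.com>\n'
    "To: ap@example.com\n"
    "Subject: Your monthly statement\n"
    "\n"
    "Your statement is available in the dashboard.\n"
)


def parse_auth_results(msg):
    """Return {"spf": "pass", "dkim": ..., "dmarc": ...} from Authentication-Results."""
    value = " ".join(str(msg.get("Authentication-Results", "")).split())
    return {m.group(1).lower(): m.group(2).lower()
            for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I)}


def normalize(text):
    """Fold common confusables so 'c1oudflare' compares equal to 'cloudflare'."""
    s = unicodedata.normalize("NFKC", text).lower()
    for fake, real in CONFUSABLES.items():
        s = s.replace(fake, real)
    return s


def is_trusted(domain, trusted):
    """True only for the trusted domain itself or a subdomain of it (not a prefix)."""
    return any(domain == t or domain.endswith("." + t) for t in trusted)


def impersonated_brand(text, trusted):
    """Return the trusted brand label (e.g. 'cloudflare') that text imitates, or None."""
    folded = normalize(text)
    for t in trusted:
        brand = t.split(".")[0]
        if brand in folded:
            return brand
    return None


def assess(raw_message, trusted=TRUSTED_DOMAINS):
    """Combine the authentication verdict with identity checks the verdict cannot give."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    auth = parse_auth_results(msg)
    auth_passed = all(auth.get(m) == "pass" for m in ("spf", "dkim", "dmarc"))

    display_name, from_addr = parseaddr(str(msg.get("From", "")))
    from_domain = from_addr.rpartition("@")[2].lower()
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    reply_domain = reply_addr.rpartition("@")[2].lower()

    findings = []
    if not is_trusted(from_domain, trusted):
        # Authentication only proves the mail came from from_domain; it says
        # nothing about whether from_domain is the one the reader believes it is.
        if impersonated_brand(from_domain, trusted):
            findings.append("lookalike-domain")
        if impersonated_brand(display_name, trusted):
            findings.append("display-name-impersonation")
    if reply_domain and reply_domain != from_domain:
        findings.append("reply-to-mismatch")

    return {"auth_passed": auth_passed, "from_domain": from_domain, "findings": findings}


if __name__ == "__main__":
    for label, raw in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(label, assess(raw))
```

Both samples return `auth_passed == True`; only the identity checks separate them. In a real gateway the trusted list would come from the organisation's vendor and partner inventory, and the confusables folding would use a proper Unicode confusables table rather than the handful of ASCII substitutions assumed here.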
Below are some recommendations that will help organisations stay out of the phishing trap:

1. Secure email with a Zero Trust approach – Despite email's pervasiveness, many organisations still follow a 'castle-and-moat' security model that trusts messages from certain individuals and systems by default. With a Zero Trust security model, you trust no one and nothing: no user or device has unfettered, trusted access to all apps – including email – or to network resources. This mindset shift is especially critical if you have multi-cloud environments and a remote or hybrid workforce.

Don't trust emails just because they have email authentication set up, come from reputable domains, or are 'from' someone with whom you have a prior communication history. Choose a cloud email security solution rooted in the Zero Trust model and make it more difficult for attackers to exploit existing trust in 'known' senders.

2. Augment cloud email with multiple anti-phishing controls – A multi-layered defense
72 WWW.INTELLIGENTCISO.COM