Every Season is Phishing Season. How can your company win? 

Jeff Hershberger
5 min read
Aug 17, 2022
ghost phishing for data

In 2021 83% of organizations reported instances of phishing, almost doubling from the previous year.  

A successful phishing attack on a company can have devastating and long-lasting impacts. These can include revenue loss, reputation damage, intellectual property theft, data leaks, and decreased overall company value. In addition, a company can suffer significant financial penalties after the fact. There could be hefty fines issued by regulatory agencies if it is found that a company acted carelessly with customer data and customers can file civil lawsuits for any damages they experience as a result.  

Thankfully there are ways a company can take steps to protect itself from these dangers. 

What is Phishing?

Phishing is when an attacker sends a fraudulent message, usually by email, designed to look like a legitimate communication and with the intent of tricking the recipient into taking an action that benefits the attacker. This can either happen by revealing personal information (like passwords or credit card numbers) or by clicking a link that is not safe. 

A skilled criminal can now create phishing emails that are almost indistinguishable from their official counterparts. However, it doesn’t stop at just emails. As technology has continued to evolve, so have the types and sophistication level of phishing attacks. 

Some other common phishing types you may be familiar with: 

  • Vishing: Faking a trusted phone number using Voice over IP (VoIP) to gain information from an individual. 
  • Smishing: Uses social media and mobile platform messaging, usually in a similar fashion to email. 
  • Calendar Phishing: Being sent a fake calendar invitation.  
  • Spear Phishing: Targeted at a specific subset of individuals.   
  • Whaling: Targeted at high-profile, senior, or executive-level individuals. 

Phishing is only getting worse 

The number of reported cybercrimes involving Phishing has increased exponentially each year since their invention and shows no sign of slowing down in the future.  

According to Verizon’s 2022 Data Breach Investigations Report, approximately 20% of all data breaches involve phishing by email and social actions. In the Anti-Phishing Working Group’s (APWG) Phishing Trends Report for the first quarter of 2022, there was a record number of attacks at over 1 million. Nearly a 15% increase in the number of instances from the previous quarter and the highest single quarter number ever recorded by APWG. An additional comparison between the FBI’s 2019 and 2021 annual reports published by the Internet Crime Complaint Center (IC3) shows that the number of reported instances of cybercrime involving Phishing increased by almost 200% in just two years. 

It is important to remember that these reports can only include instances of phishing that are actually reported. The Department of Justice estimates that only 1 in 7 cybercrimes get reported, which means that approximately 85% of cybercrimes go unreported, or worse, undetected.  

The Current State of Play 

With the number of fishing attacks constantly growing and cybercriminals becoming more brazen, it is no longer a question of whether or not your company will be targeted. It is a question of when it will happen. The current state of cybersecurity training most companies provide to employees is not doing enough to help them avoid falling victim to phishing attacks and many companies are cutting corners on essential security measures that could protect them and their customers. 

Some numbers to think about: 

  • Cybercriminals are getting more adept at crafting increasingly convincing fraudulent messages. An overwhelming 96% of phishing attacks occur via email and 94% of malware attacks originated from emails that were sent to the victims. 
  • Whaling and Spear Phishing at companies are on the rise, with top executives accounting for 65% of targeted attacks. It is getting easier for cybercriminals to identify and contact these individuals with the popularity of professional social networking sites like LinkedIn. Their reliance on executive assistants to manage their email and communication also makes them a high-value target. 
  • Cybercriminals are constantly coming up with new attack vectors and the advent of social media has opened a whole new landscape for them. In 2021, 61% of companies said that they experienced incidents of phishing through one or more social media channels.  

There are three easy steps to protect your company: 

  1. Use the right technology
    Use email providers that have strong native security features. Webmail providers and Office 365 all attempt to catch fake emails as they traverse the internet, often originating from a spam email service provider. While it is harder for providers to detect a well-spoofed email address, the ones they do catch get shut down before they even hit your inbox. Your security team should also be taking precautions by using native or third-party tools to enhance email security on both your email handlers and endpoints.
  2. Training/Awareness
    The most important deterrent of cybercrime is people. No matter how advanced preventative technology is there will always be nefarious actors that are one step ahead in getting through. Company time and money spent on technical solutions are wasted if you aren’t utilizing a proper cybersecurity training program for staff members at all levels.Your security team must provide regular in-depth training in cybersecurity and anti-phishing procedures. Training should allow attendees to see the most effective examples of real, well-crafted phishing emails and let them get hands-on with real-life scenarios. The best phishing emails work because they don’t look suspicious, but they always have a sign that something is off. People just need to be trained on how to spot these signs and react appropriately.
  3. Utilize a Reputation-Based Threat Intelligence Tool in your Security Stack
    A phishing attack is a chain reaction, and the email or message is just the first step. When a user on your network clicks on the content in a phishing message a connection is made with an external IP address. That IP address is often hosting malware and other tools to install on the network that will out the next stages of the attack. It’s like a thief is knocking on your front door and holding the door open for them as they rob you.  

 

As the sophistication of fraudulent Phishing communications continues to evolve even the most well-trained employees will still make the mistake of clicking on a phishing email from time to time. When this happens, you need a way to recognize it and stop the following attack before it causes irreparable damage. While firewalls may prevent systems on your network from communicating with some IP addresses you deem dangerous, their usefulness has limitations in these situations. 

 This is where an IP threat intelligence tool based on reputation can step in and save your company from suffering devastating long-term consequences.  

An IP threat intelligence tool monitors network traffic in real-time and provides full visibility of every connection made on the network. When paired with AI and a complete historical library of reputation-based IP records, it uses hundreds of factors to instantly identify malicious or unknown connections in a network. It takes to take the guesswork out of knowing if a connection is a threat so you can stop an attack in its tracks. 

We Can Help 

If you’re not using an applied IP reputation-based threat intelligence tool in your cybersecurity tool stack you are selling your company short.  

There are roughly 3.4 billion IPs that have such poor reputations that no company should ever communicate with them. Our team at Intrusion has shown many companies how their networks are regularly connecting to dangerous IPs, even when they thought their firewall would protect them from these types of threats. 

Please contact us if you’d like to learn more about how Intrusion can help protect your business. 

Resources that might interest you.

The State of Threat Hunting Cover
The State of Threat Hunting

Oct 25, 2022

See how today’s SOC teams rate their threat hunting maturity, how effective they are, and what is needed to level up their efforts.