Due to the ongoing pandemic, multitudes of people have been obligated to work remotely, making phishing attacks commonplace in the digital world. It has widened the doors to vulnerability as people move away from the more secure networks of their workplace. Businesses’ networks have not been entirely secure either, with reports showing that phishing attacks account for more than 80% of reported security incidents. According to Verizon, 94% of all malware was delivered via email as of 2019. At this juncture, what can organizations do to stay protected, and how can they stop phishing emails?
Why Do Businesses Need To Be Doubly Cautious?
The year 2020 has been a particularly detrimental year for businesses owing to the Covid-19 pandemic. According to Yahoo! Finance, 78% of senior IT and IT security leaders believe their organizations’ security stance is weak despite the increased IT investments towards work-from-home challenges. Businesses suffer from being the target of cyber adversaries mainly in two ways.
Loss Of Revenue
Business organizations cannot afford to underestimate the need for anti-phishing solutions, given the growing losses in revenue each year. According to Verizon’s Data Breach Investigations Report of 2019, 71% of breaches reported were financially motivated. Therefore, it is clear that businesses are the target because that’s where the money is. PwC’s Global Economic Crime and Fraud Survey 2020, which surveyed 5000 participants across 99 territories, points out that the total losses due to fraud in revenue are a staggering $42 billion. A Statista survey shows ransomware attacks rising to 304 million in 2020, compared to 187.9 million in 2019.
Figure: Number of ransomware attacks, 2014-2020, in millions (graph source: Statista)
Disruption Of Services
Along with losses in revenue, phishing also hinders the smooth functioning of day-to-day activities. Ransomware attacks tend to disrupt the operations of businesses by the use of screen-locking and crypto-ransomware. Once an attacker succeeds in compromising a system, the most likely way for the user to regain access is to pay a ransom amount. For large private firms, this amount can be to the tune of several millions of dollars. The recent attack on America’s Colonial Pipeline was a ransomware attack resulting in a forced shutdown and a loss of $4.5 million as ransom.
Anti-Phishing And Anti-Ransomware Solutions
The absence of anti-phishing solutions in the organization’s IT setup makes it vulnerable to cyber threats. Adversaries gain employee credentials through social engineering attacks such as phishing emails, and then use those credentials to infiltrate the organization’s information network. One can prevent such attacks through the use of anti-ransomware solutions. Large businesses and enterprises may possess the resources to opt for Disaster Recovery (DR) Services or Disaster Recovery as a Service (DRaaS). DR and DRaaS safeguard an organization’s data and ensure business continuity in the event of a ransomware attack or any software or hardware failure. According to Gartner, some of the best DRaaS solutions are the ones listed below:
- Azure Site Recovery by Microsoft
- Acronis Disaster Recovery Service by Acronis
- VMware Site Recovery by VMware
- ShadowProtect by StorageCraft
- Datto ALTO by Datto
- IBM Disaster Recovery as a Service by IBM
Small businesses and individuals who travel and work remotely away from the secure networks of their offices can adopt reputable security suites for data protection.
Best Anti-Phishing Practices Businesses Must Adopt
Apart from having the best DRaaS or anti-malware solutions protecting extensive information infrastructure and small personal systems, it’s best to know what to do to prevent disaster from striking in the first place. Protecting oneself from oneself is the first step to staying safe. Listed below are some of the anti-phishing best practices that will keep a business’s information infrastructure secure from threats like ransomware:
- Be Prudent While Clicking: An organization may have the best email phishing protection, but it is also best to be vigilant and avoid clicking on suspicious links or email attachments.
- Avoid Disclosing Personal Information: Malicious actors seek users’ credentials to use them to gain access to the information network. Hence, one must be careful about sharing such information.
- Conduct Awareness Programs: Ongoing security awareness training for employees helps them develop a security-oriented outlook at the office and the remote workplace.
- Use Of Strong Passwords: Credential theft is one of the common goals of phishing emails. The use of strong passwords prevents adversaries from guessing passwords or cracking them with brute-force attacks. Refrain from the practice of using the same password for multiple accounts.
- Reporting Of Phishing Attacks: Employees must be encouraged to report suspicious emails or instances promptly as it could help take timely action against potential phishing emails.
- Use Of Email Security: The first line of defense for email security is the implementation of email authentication standards, such as SPF (Sender Policy Framework), DMARC (Domain-based Message Authentication, Reporting, and Conformance), and DKIM (DomainKeys Identified Mail). Ensure these tools are carefully set up.
- Keep Software Up-To-Date: Devices that connect to an organization’s network must be updated by installing the latest software versions and security patches that repair vulnerabilities. It is also advisable to maintain an inventory of what devices are allowed to connect to the organization’s network to ensure maximum security.
- Be Alert To Domain Spoofing: Users must stay aware of domain spoofing as malicious actors often use this technique. Spoofing can trick an employee into opening and responding to emails whose domain name looks similar to that of the organization.
With employees continually asking ‘how to stop phishing emails’ and ‘how to stay protected from ransomware,’ staying safe is certainly not an easy task. Having to open and read through dozens of emails every day can take its toll on the user. Businesses, therefore, need to take a firm stance towards protecting the system in the form of training programs, awareness campaigns, and the use of security tools such as anti-malware and anti-phishing solutions. Staying protected must be an ongoing process if an organization is to remain secure from the clutches of threats like ransomware and phishing.