Phishing Attacks Are Overtaking Ransomware
The hacks you need to defend against these days are phishing attacks.
When it comes to hackers’ preferred cybersecurity attacks, the computer industry goes through phases. For a long time malware was the main agitator, and the main advice you heard was just to put antivirus software everywhere. Over the past few years there’s been a lot of discussion about ransomware and the huge paydays it can produce. Of course, like everything else, computers are constantly changing (often even faster than everything else). And that means nowadays ransomware is giving way to phishing attacks as hackers’ preferred modus operandi.
As the lead cybersecurity specialist at TRINUS, I get involved whenever a security situation arises for one of our clients. Over the years we have been contracted for help with a few ransomware-related situations, but you could count them all on one hand. On the other hand, there have been approximately a dozen situations where users have had their credentials stolen through phishing emails. And that’s in just the last 12 months. What’s more, this situation is fairly standard across the industry, where there are a few big incidents caused by ransomware, but over 80% of cybersecurity incidents are actually caused by phishing.
One of the common factors I’ve seen while dealing with these incidents is that users appear to have an unwarranted level of trust in the contents of their inbox. After all, emails in your inbox are only there because they’ve passed through all the various automated defenses, right? Well, the most effective defenses against spam are the ones that check information about the sender (IP address, SPF record, etc.), but that’s not where the problem is when it comes to phishing. The dangerous part of a phishing attack is the email’s contents, and computers are spectacularly bad at analyzing content and context for socially engineered attacks.
The damage an attacker can do with email is often underestimated. Also, there is a common assumption that emails in your inbox are clean and trustworthy. This is exactly the human behavior that phishers look to exploit. Remember, the focus of a phishing attack is not the computer, but the user. That means investing in user training to identify phishing attacks is an essential part of your cybersecurity profile.
Today’s Shakespeare quote is a simple one from King Lear: “I’ll teach you differences.”
For more information about phishing attacks and how to train employees to spot them, contact TRINUS today and get yourself some stress-free IT.