Jan 16, 2022

Real Big Phish: Mobile Phishing & Managing User Fallibility

Phishing is more successful than ever. Daniel Spicer, CSO of Ivanti, discusses emerging trends in phishing, and using zero-trust security to patch the human vulnerabilities underpinning the spike.
According to a recent survey from Ivanti, nearly three-quarters (74 percent) of IT professionals reported that their organizations have fallen victim to a phishing attack – and 40 percent of those happened in the last month alone. Increasingly, mobile phishing is the culprit.
What’s more, nearly half of these professionals cited a lack of the necessary IT talent as one of the core reasons for the increased risk of phishing attacks.

So how can organizations overcome the sudden increase in security threats and regain the upper hand against bad actors with fewer resources than ever before? Increasingly, it looks like zero-trust will become the ideal approach for doing more with less, because ultimately, users and their cyber-hygiene are the first line of phishing defense.
Let’s take a look at the latest phishing trends.
As organizations across all industries have shifted to distributed work environments, it’s no longer the task of security teams to manage access to data and systems from a specific location. Rather, employees are accessing work-related information on their personal devices from locations all over the globe, making it significantly more challenging for IT personnel to track and verify each and every connected device.
Because of this shift, bad actors have evolved their phishing attacks and are now focusing their efforts on employees’ personal mobile devices – and as our survey results showed, are finding great success with this approach. Hackers have also been leveraging botnet infections to harvest legitimate emails to create more convincing phishing attacks that are highly effective. This is concerning, as phishing attacks often evolve into ransomware attacks. 

The annualized risk of a data breach resulting from phishing attacks has a median value of about $1.7 million, and a long-tail value of about $90 million – and this high risk for your organization proves a high reward for bad actors. Recent research from Aberdeen further emphasizes this risk, finding that attackers have a higher success rate on mobile endpoints than on servers.
As anyone, no matter how technically savvy, is at risk of falling victim to phishing attacks, it’s vital that organizations rethink their approach to security as a whole to combat these threats.
Your company’s security lies first and foremost in the cyber-hygiene of employees – and that’s why the user experience should be a core focus of any security strategy. As remote work establishes itself as the new normal, ensuring that best practices are as simple as possible to complete will make or break your security efforts. And a zero-trust approach can provide organizations with the best of both worlds.
Zero-trust security requires organizations to continually verify any and all devices that are connected to their networks every single time, with zero exceptions. As part of a zero-trust strategy, organizations should look to the following strategies:
Through these tactics, organizations can streamline key security processes and continually secure all endpoints to minimize threat risk faster than ever before. 
The modern threat landscape has transformed entirely – and as new avenues and opportunities for phishing scams arise, bad actors will continue inventing new attack tactics, hoping to outsmart your organization’s employees and make them take the bait.
As a result, organizations can no longer rely on traditional security protocols to protect themselves in the work-from-anywhere environment, especially since users continue to be a weak link.
After all, the Ivanti survey found that one third (34 percent) of those surveyed blame the increase in phishing attacks on a lack of employee understanding, and even fewer (30 percent) said 80-90 percent of their organizations had completed security trainings offered by their companies.
Luckily, by implementing a zero-trust security strategy – including implementing multifactor authentication, automating security updates and more – organizations will be better equipped to mitigate these threats as they arise and protect their business-critical systems and information.
Neither your employees nor bad actors intend to go back to the way they used to work. It’s time your security strategy adapts to the modern business landscape, too.
Daniel Spicer is Chief Security Officer at Ivanti.