One of the simplest yet effective cons to date that’s responsible for millions in business losses each year is the phishing attack. It entails sending an email disguised to look legitimate with the sole purpose of getting the user to click on a link or open an attachment, causing their computer (and potentially the entire network) to be infected with malware.
A common scheme is to disguise emails with Canada Post branding, to fool someone into clicking on a link about package they’re trying to deliver. Between January 1 and May 1, 2019, nearly 100 different criminal phishing attack campaigns were targeted specifically at Canada, with thousands of others also reaching Canada that were more broadly targeted.
Phishing attacks are one of the cybersecurity threats that Canadian businesses have to worry about every day and factor into their network security defenses to keep themselves safeguarded from a data breach.
But with these attacks only getting more sophisticated and harder to spot as they continue to evolve, it takes a multi-layered approach to properly combat them and reduce the chance of becoming a phishing victim.
88% of surveyed Canadian companies are concerned about future cyberattacks. (CIRA)
Why is phishing such a problem for companies?
In the 2018 Cybersecurity survey report by the Canadian Internet Registration Authority (CIRA), several concerning statistics were brought to light that indicate the need for vigilant safeguarding of devices and networks against attacks.
Just as most businesses employ multiple physical security measures to keep their property safeguarded from theft – locks on offices and main entries, security cameras, device screen locks – cybersecurity requires that same type of layered approach.
Phishing is responsible for 90%of all data breaches
Here are the various layers of protection that make up a robust defense against those dangerous phishing attacks.
One of the first lines of defense against a network attack is your firewall. Your firewall monitors incoming and outgoing traffic and can block any malicious threats that are coming your way or trying to exploit a computer.
For example, if a virus has infiltrated a computer on your network and is trying to send out spam from the email program, your firewall can detect unusual traffic patterns and hold that traffic until you have a chance to analyze the alert.
There used to be a time when it was easy to spot a phishing email. They would have obvious issues with grammar and misspellings and might use pixilated images.
But the phishing emails of today are much different. They employ sophisticated techniques to fool the user into believing it’s a legitimate email, like copying a real company’s logo and signature to make an exact replica of one of their emails that’s hard to tell from the real thing. They may even use your name and company name in the greeting or subject line.
This is a that reason anti-phishing email applications are an important layer to your cybersecurity plan. They look at the code behind the email and put anything suspicious into quarantine, keeping it from being mixed in with legitimate messages in your inbox.
Many also have sandboxing which helps reveal those “sleeper” viruses that pretend to be innocent until they’re past antivirus defenses. Sandboxing puts a suspect script into a virtual environment where it thinks it’s in your computer and thus will reveal its true intentions and can immediately be identified and removed.
The reason phishing is so successful in causing data breaches is because it targets humans and often uses tactics like threats or promises of a purchase order to fool them into downloading a malicious script.
Ongoing employee training is vital to strengthening your last line of defense against data breaches via phishing attacks. This includes teaching employees to:
Many data breaches happen because an operating system, hardware, or software patch wasn’t applied. Too often, businesses rely on individual employees to keep their network-connected computer updated when a new update or patch becomes available, but often they’re too busy at the time and forget to install it, leaving the system vulnerable.
According to the CIRA report, 67% of the Canadian businesses surveyed use an outsourced managed IT provider for at least part of their cybersecurity. A valuable part of this type of service is that they keep all systems updated with those vital security patches to ensure there are no holes in your IT security infrastructure that can be exploited by malware.
Haxxess Enterprise Corporation offers affordable and customized cybersecurity services for businesses in Sudbury and Northern Ontario. Don’t leave yourself unprotected. We can help your business avoid becoming the next data breach victim.
Book a complimentary IT security chat with us today! You can also reach us at 705-222-TECH (8324).