For many, National Go Fishing Day on June 18 marks the unofficial start of summer as anglers young and old break from their daily routine to spend time outdoors, baiting their hooks and casting their lines in hopes of reeling in a big catch. Fishing is a great pastime; it’s an opportunity to get out of the office, relax by the water and spend time solo or with family and friends. Unfortunately, your cyber defenses don’t get to enjoy the same luxury. In other words, phishing isn’t as much fun as fishing.
Phishing: The Ultimate IT Nemo-sis
In the last 12 months, phishing attacks have more than doubled. According to the FBI, phishing complaints have risen 1,100% in the last five years, and phishing was the most common type of cybercrime in 2020, with more than 241,000 reported incidents. While the frequency of attacks varies from industry to industry, 74% of all organizations in the U.S. experienced a successful phishing attack last year, a stat that is 30% higher than the global average and represents a 14% increase since 2019.
Following the shift to remote work in response to the pandemic, cybercriminals changed tactics. SaaS apps and remote networks opened new threat vectors. This created challenges for IT teams that were already stretched thin as cybercriminals used these attacks to prey on the fear, uncertainty and confusion that came with rapidly digitizing operations.
The most successful phishing attacks have been those with some hint of truth to them. The legitimacy of phishing emails is rarely questioned by distracted remote employees who have to juggle work and home duties. To make matters worse, attackers conceal their ruse by making it seem as if the emails were sent by a familiar source.
According to researchers at Check Point Software, five of the top 10 phishing brands in Q4 2020 were:
- Microsoft (43%)
- DHL (18%)
- LinkedIn (6%)
- Amazon (5%)
- Rakuten (4%)
Analysts from security training vendor KnowBe4 investigated “in-the-wild” phishing email subject headlines and found that some of the most popular ones in Q4 2020 included:
- Changes to your health benefits
- Twitter: Security Alert: New or Unusual Twitter Log In
- Amazon: Action Required | Prime Membership Declined
- Microsoft 365: Action Needed: Update the Address for your Xbox Game Pass Subscription
- Stimulus Cancellation Request Approved
- Google Pay: Payment Sent
Attacks relying on social engineering rather than technology are growing in number because social engineering is a more effective way of getting past many of the defenses offered by SaaS vendors like Microsoft and Google. Although their world-class data centers are prepared to safeguard data against any conceivable infrastructure threat, their native security functionality does not protect against human error and the consequences of brand impersonation, business email compromise (BEC) and account takeover (ATO) attacks. This means that a deletion request from an authorized account on the tenant will be honored by the provider regardless of whether the request is intentional, accidental or malicious.
IT teams are desperately seeking ways to be more secure, catch more sophisticated attacks with real-time visibility and be more efficient by streamlining deployment, management and workflows.
It’s no surprise that phishing is one of the biggest nightmares for IT teams. At this point, it boils down to two choices: be bait or get Kraken!
Enjoy Go Fishing (Not Phishing) Day With Unitrends
Unitrends Unified BCDR enables protection for data no matter where it resides: on-prem, remote endpoints, or within cloud and SaaS applications. Security integrations, coupled with backup and recovery capabilities, augment the platform to help organizations reduce the frequency and severity of data loss.
Unitrends integration with Spanning Microsoft 365 Backup offers layered protection through automated phishing defense. Patented AI technology analyzes more than 50 attributes of employee communication to establish profiles of trusted relationships. It also empowers employees to defend against phishing attempts with visual cues and actionable buttons, while automated feedback and workflow loops make investigation and resolution seamless for IT teams. On the back end, integrated dark web monitoring performs thousands of refined queries daily to proactively alert on accounts or credentials at risk.
Learn more about the industry’s most comprehensive data loss protection solution for Microsoft 365.