In light of the news that nearly half of the cybersecurity incidents reported to the ICO are phishing attacks, please see a comment from David Emm, principal security researcher at Kaspersky Lab, addressing how enterprises can defend against cyber attacks.
David Emm, Principal Security Researcher at Kaspersky Lab UK:
“The fact that phishing scams account for nearly half of the cyber incidents reported to the ICO clearly shows that it remains a tactic favoured by cybercriminals, and highlights that more needs to be done to tackle this within organisations. One particular strategy which cybercriminals are utilising in order to steal money and gain access to corporate data is that of BEC (Business E-mail Compromise) – a form of phishing specifically targeted at businesses, especially SMBs. With this new method, cybercriminals gain access to a corporate e-mail account and mimic the owner’s identity to trick employees, customers or partners into approving money transfers to illegal accounts.
“There are some tell-tale signs that indicate that something is a phishing message (for example, banks and other organisations never send e-mails asking for confidential data) so if employers receive such an e-mail, they should assume that it’s phishing. Remember, if it looks important, and you’re not sure, you should always call to check. Phishing relies on social engineering, i.e. manipulating human psychology. There are always new ways to try and trick people, and just like road safety, it’s best to adopt a security culture that will keep you safe in any situation – not just some that you’ve practised. For example, it’s best never to click on links in e-mails; if you adopt this rule, you never need to rely on being able to distinguish a real from a phishing link.”