Each year I wonder if phishing will eventually be less of a problem than it has been the previous year, but 2020 certainly didn’t relent on the abuse of email and websites as an attack vector. Most organisations we see have a strategy in place to protect against phishing and malicious emails coming through their gateway as best they can. While attacks are still successful, the rate of protection compared to 10 years ago is significantly better today than it was. The Verizon Data Breach report highlighted that phishing and the abuse of stolen credentials took the number one and two spots in the top threat actions in 2020, which won’t be a surprise to many.
As the level of protection has increased, criminals are having to be more creative to exploit both technical and human weaknesses to make their money. Email spoofing and the abuse of lookalike domains is one of the most common attack vectors that we see at Saepio. A fake website, identical to a genuine site with a customer login page, or invoice payment screen designed to manipulate users or partners to putting in credentials or even making payments. When you consider how many permutations of a brand there is, it starts to become a real challenge in staying ahead of new attacks.
Identifying, protecting, detecting, responding and recovering is often not applied as a methodology when looking at these kinds of attacks, but it should be.
During our event with our partner Mimecast on the 1st of April we’ll be taking you through how to create a comprehensive strategy to ensure the ability to identify, protect, detect, respond and recover be applied to all your owned domains and websites, but also the ones you don’t own. As we can become a more digital society our online brands and trust that customers place in us to protect them when they see our logo is an important business initiative. Together with Mimecast we will be introducing email 3.0, being able to break your email and web security strategy into zones.
By applying the same strategy across all three zones, security teams can ensure they stay one step ahead of attacks and even be able to take them down before they start having an impact on clients and partners.
We hope you can join us for the session.