
That delivery address request is probably a scam

Phishing isn’t new. This social engineering tactic has existed in attackers’ toolboxes for decades, with threat actors posing as trusted contacts and then targeting unsuspecting victims through email or text messages to steal sensitive data.

There are plenty of data points that illustrate the effectiveness of this attack method. According to the Fortinet 2023 Global Ransomware Report, phishing is the top tactic (56%) malicious actors use to infiltrate a network and launch ransomware successfully.

While malicious actors always attempt to craft legitimate-looking phishing communications, some cybercriminals excel at this more than others. Historically, phishing communications have often been easy to spot because of careless drafting, with a lot of spelling errors and incorrect grammar.

Yet as AI-driven content tools become more broadly available at low or no cost, cybercriminals are turning to these technologies to advance their operations. One way they’re doing this is by using AI to make their phishing emails and text messages appear more realistic than ever before, increasing the chances they’ll succeed at getting their unsuspecting victims to click on a malicious link.

Derek Manky, Chief Security Strategist & Global VP Threat Intelligence at FortiGuard Lab

As we usher in a new era of AI-crafted communications, employees have an even more critical role in defending their organisations against attempted breaches. However, simply advising employees to look for “traditional” attributes of phishing is no longer enough to keep organisations safe.

Beyond investing in the right technologies, such as enabling spam filters and implementing multi-factor authentication, employee education can make or break efforts to safeguard organisations from phishing and ransomware.

Phishing remains the number 1 delivery method for ransomware

According to recent research, phishing remains the number one attack vector associated with ransomware delivery. And it’s easy to see why it’s the vector of choice, as attackers continue having success with this tactic. According to data from phishing assessments conducted by the Cybersecurity and Infrastructure Security Agency, 80% of organisations had at least one employee who fell victim to a simulated phishing attempt. 

Ransomware continues to impact organisations of all sizes across all industries and geographies. And while most business leaders believe they’re ready to defend against ransomware (78% say they’re “very” or “extremely” prepared to mitigate the threat), half fell victim to a ransomware attack in the past 12 months.

Employee education efforts to protect the enterprise against phishing

Because most ransomware is delivered through phishing, employee education is essential to protecting organisations from these threats. That said, there’s no single one-size-fits-all education program. These training efforts should be tailored to the enterprise’s unique needs. Below are several types of services and programs that are designed to help users understand and detect phishing and other cyberthreats, all of which can serve as a great starting point for building a comprehensive employee security awareness program.

Security awareness programs help organisations stay ahead of threat actors

As with the introduction of any new technology, cybercriminals will continually find ways to use these tools for nefarious purposes. This requires security teams and every employee in organisations to become even more diligent in guarding against threats. That’s why it’s vital for organisations to evaluate and evolve their current cyber-awareness program, ensuring learners and employees have the most updated and relevant knowledge to keep them (and the organisation’s data) safe.

* Derek Manky is Chief Security Strategist & Global VP Threat Intelligence at FortiGuard Lab and Rob Rashotte is Vice President, Global Training & Technical Field Enablement at Fortinet
