By Sudip Banerjee, CTO, Asia Pacific & Japan, Zscaler
As we progress into the digital era, the threat of cybercrime continues to grow at an alarming rate. Among the most prevalent forms of cybercrime, phishing has seen a staggering 472% surge in attacks in the past year alone. The ThreatLabz 2023 Phishing Report reiterates that organisations need to be more vigilant than ever when it comes to protecting themselves and their customers from phishing scams, as phishing attacks rose nearly 50% in 2022 compared to 2021, and education was the most targeted industry, with attacks increasing by 576%. The report also reveals that the US, the UK, the Netherlands, Canada, and Russia were the top five most targeted countries, and Microsoft, Binance, Netflix, Facebook, and Adobe were the top targeted brands in 2022.
Cybercriminals are effectively leveraging emerging technologies, AI tools such as ChatGPT, and phishing kits to reduce technical barriers, save time and resources, and expand attacks. As cybercriminals continue to use a variety of tactics to lure victims, it is crucial for businesses to adopt a multi-layered approach to security. Today, Zero Trust has emerged as one of the most effective security measures due to its proactive and comprehensive approach to protecting data and systems. Unlike traditional security models that rely heavily on perimeter defenses, Zero Trust operates on the principle of “never trust, always verify.” This means that all users, devices, and applications are treated as potentially untrusted, regardless of their location or network environment. Eliminating the assumption of trust within a network, and enforcing strict access controls and continuous authentication in its place, mitigates the risk of insider threats, compromised credentials, and lateral movement. By adopting Zero Trust, organisations can establish a layered defense strategy that mitigates the risk of phishing attacks.
Here’s how Zero Trust can help combat the surge in phishing attacks:
Implement security controls
To combat phishing attacks effectively, organisations should implement a range of security controls. These controls include email scanning to inspect emails for malicious content before they reach the organisation’s perimeter, enabling users to report phishing attempts for quick action, and implementing multi-factor authentication to strengthen login security. Encrypted traffic inspection is essential to prevent attackers from bypassing security measures, while antivirus software and advanced threat protection tools help identify and mitigate known and unknown threats. URL filtering and regular patching of software and systems further reduce vulnerabilities. Employing a zero-trust architecture ensures that even if a phishing attack is successful, the damage is limited through granular segmentation, least-privileged access, and continuous traffic monitoring. Finally, integrating threat intelligence feeds enhances detection and resolution of phishing threats by providing updated contextual information.
Enhance security awareness training
Following the guidance from the US Cybersecurity and Infrastructure Security Agency (CISA) or the National Cybercrime Training Centre (NCTC) in India, organisations should educate their employees to be vigilant for indicators of phishing attacks. These indicators include suspicious sender addresses, generic greetings and lack of contact information, spoofed hyperlinks and websites, poor spelling and layout, and suspicious attachments. By training employees to recognise and respond to these indicators, organisations can effectively mitigate the risk of phishing attacks.
Identify phishing pages
Phishing pages can be identified by specific tactics used by threat actors to deceive users and bypass security systems. Additionally, threat actors often take shortcuts when creating new phishing pages. These pages tend to increase in number during holidays and other notable events. For instance, during the pandemic, attackers exploited the situation by creating numerous fake COVID-19 websites, posing as health organisations or sites for ordering test kits and medical supplies. To effectively detect the most recent phishing threats, it is crucial to remain updated with the latest research and incorporate actionable intelligence that includes up-to-date indicators into your detection rules and response workflows.
Adopt effective cybersecurity countermeasures
Implementing security measures such as firewalls, antivirus software, and spam filters can help protect businesses from phishing attacks. These tools can help detect and block suspicious emails and websites before they reach employees. Additionally, implementing two-factor authentication and password management policies can make it more difficult for attackers to access your data even if they manage to steal login credentials.
By inspecting all web traffic, including encrypted connections, businesses can identify and block potential threats, including phishing sites that may be disguised as legitimate websites. This inspection can prevent users from accessing malicious websites and help protect against attacks that use SSL/TLS encryption to evade detection. In addition, a Zero Trust Exchange architecture will allow users to connect directly to applications rather than a network. By doing so, it can prevent malware from spreading laterally and stop insider threats. The Zero Trust Exchange also inspects data in motion and at rest to prevent data loss from an active attacker.
In conclusion, phishing attacks can have a devastating impact on businesses, but with the right technology and security measures in place, organisations can reduce their risk and minimise the impact of these attacks. Full TLS/SSL inspection, browser isolation, policy-driven access control, and the Zero Trust Exchange are just some of the key features and capabilities that businesses can leverage to protect against phishing attacks and keep their sensitive data secure.