We recently hosted a webinar, “How to Shut Down a Phishing Attack at the Beginning of the Cyber Kill Chain,” to outline tools, tactics and best practices to safeguard your entire digital footprint. If you missed the live webinar, you can read some of the highlights from the session below or watch the recording on demand.
Much of your attack surface resides on web infrastructure you don’t own or control. To protect your digital assets and thwart malicious lookalikes on everything from social networks to criminal marketplaces, you must shift security priorities from prevention to detection and remediation.The key learning objectives for this webinar were to:
- Understand why security priorities must shift from prevention to active detection and remediation.
- Understand how to align activities to three core steps of digital risk protection: Map, monitor and mitigate.
- Take away practical tools and techniques, like sample classifications and decision-tree diagrams.
Here are some of the highlights and key takeaways we presented in the webinar.
Phishing scams are growing more sophisticated – and easier for hackers to run
Over the past few years, we've observed a 151 percent increase in financial services web assets being targeted; a 297% increase in retail phishing websites; and a 91% increase in corporate email addresses found on phishing target lists. These numbers demonstrate the significant risks of threat actors levying attacks against all organizations, but particularly those in retail and finance.
So, why is phishing more prominent than ever today?
The introduction of "phishing-as-a-service" lowers the hacker barrier to entry. Cybercriminals now deploy phishing at scale; it’s no longer dependent on the hackers’ skills. Phishing “kits” streamline the process and increase the potential spread of attacks. This enables novice hackers to easily run phishing campaigns and rapidly change domains.
There is further cause for concern when you consider how unaware many employees are about the prevalence of phishing scams. People struggle to identify phishing attacks, even when prompted. A survey found that 45 percent of respondents were either unsure about or simply could not accurately identify phishing attacks. This indicates that organizations are at risk any time a single employee receives a malicious email and unknowingly opens it.
Phishing attacks aren't going away any time soon. Protecting your organization from them is crucial, and the most effective way to do that is to shut them down before they become full-fledged attacks - and before it's too late.
Watch the full webinar on demand for a deep dive on shutting down phishing attacks before they threaten your organization.