The 2018 Telstra Security Report uses data from more than 1,250 decision-makers globally to present a view into the most prevalent and pervasive types of security threat and recommend ways to combat them.
Malicious emails were the primary weapon of choice for cyber attackers in 2017, with phishing and business email compromise (BEC) topping the list. Telstra’s research shows that criminals are increasingly using social engineering to hijack accounts and trick organizations into wiring large amounts of money into these accounts. In today’s age of social, omnichannel connections, these attacks are becoming more difficult to spot until it is too late.
Attacks are inevitable. So how can you protect your organization from BEC, phishing campaigns, and other email threats?
Employ Adaptive Authentication
Adaptive authentication goes beyond multi-factor authentication (MFA), providing high levels of security across any identity, application and device.
- Using adaptive authentication is 3,000 times more secure than two-factor authentication (2FA) alone, and it is also user-friendly – end-users are only prompted for a second factor if a risk is detected.
- Passwords are detrimental to security and usability. Phishing campaigns are often attempts to steal password credentials. Adaptive authentication provides a strong foundation for eliminating passwords, thereby removing one layer of vulnerability.
- Office 365 is a prime target for business email compromise: more than 70% of deployments have at least one account compromised every month. Implementing an adaptive authentication solution for Office 365 with features such as SMS phone fraud prevention, pre-authentication access controls and MFA DDoS prevention allows you to automate response and remediation activities.
Perform Security Audits
As the Telstra report points out, security should be continuously reviewed. System audits are a strong starting point to evaluate the state of your security posture, so you can determine any steps needed to strengthen it.
Penetration testing is a great place to start. Pen-tests evaluate the security of your IT infrastructure by safely trying to exploit vulnerabilities. Conducting regular pen-tests allows you to assess security weaknesses in applications, servers, networks, IoT devices, supervisory control and data acquisition (SCADA) systems, and end-user behavior – in an environment that mimics a real attack. Knowing your unique vulnerabilities enables you to adapt systems and policies, be better prepared, and ultimately reduce time spent on remediation.
One critical element of any security posture is ensuring that employees are aware of security risks and are trained on how to avoid them. Training should go beyond simple defense: if your employees know the reasons behind your corporate security policies, they will be more likely to comply. Setting up tools such as adaptive authentication, single sign-on (SSO) and user self-service makes it easy for your employees and other approved users to do the right thing.