Stopping Phishing and Ransomware Across All Channels
As cybercriminals turn to new channels like collaboration platforms, organizations are losing confidence that attacks can be stopped.
- Phishing and ransomware have been increasing in frequency and severity, despite cybersecurity teams’ sustained battle against these attacks.
- As organizations have become better at protecting email, the main channel of attack, crooks have turned to text, voice messaging, social media feeds and apps.
- The pivot to remote work has also led to an increase in attacks via collaboration platforms.
Cyber criminals are always finding new ways to execute phishing and ransomware attacks. No longer stopping at email, their primary line of attack, crooks now launch exploits across several channels including collaboration platforms. Making matters worse, organizations are less well prepared to defend channels other than email, according to How to Reduce the Risk of Phishing and Ransomware, a new report from Osterman Research.
Changing Channels of Attack
Email phishing remains a pain point, as the Osterman report points out. It compromises communications channels that are vital to getting work done today, delivering ransomware and other malware and enabling credential theft, payment fraud and much more. But as phishing has evolved beyond spam emails, the report warned organizations to pay attention to other growing threats.
For instance, the old-school “click here to collect your prize” emails have given way to social engineering attacks that take advantage of information available online to impersonate colleagues or bosses and get past a target’s defenses. And as more business activity has moved online, crooks have picked up more channels to break in and carry out their fraud. Among new phishing channels, “smishing” uses text messages, “vishing” exploits voice mail and “angler phishing” infiltrates social media messages.
With the explosion of remote work during the COVID pandemic, fraudsters have found another channel ripe for attack: collaboration platforms and apps like Slack and Google Docs. As companies adjusted employees’ workflows for remote work, they increased their reliance on collaborative tools, and cybercrooks followed. After all, many collaboration platforms are designed to share files among multiple users, so attackers can sometimes infiltrate them without detection.
These platforms have become an attractive option for cyber criminals to load ransomware and other malware to extract data. A recent Cisco report noted a sharp increase since the start of the pandemic in instances of fraudsters exploiting the ability to slip by a company’s defenses by using this legitimate channel.[i]
Limited Confidence in Ability to Protect Many Channels
Barely 16% of organizations made it through the past year without experiencing at least one phishing or ransomware incident, Osterman says, and many suffered multiple attacks. According to the Department of Homeland Security, businesses paid about $350 million in ransom in 2020, more than 300% over the year before.[ii] Six out of 10 organizations were hit with a ransomware attack in 2020, and were down an average of six days while recovering, according to Mimecast’s State of Email Security 2021 report.
Organizations are only halfway confident in the ability of their employees to recognize phishing attempts in their emails, according to the Osterman report, and even fewer feel confident that staffers could recognize phishing attempts via other channels. While 45% of those polled felt confident that all employees in their organization could recognize phishing emails, their confidence dropped to 34% when talking about other kinds of phishing, such as text, social media messages, rogue apps and malicious pop-up ads online.
Solutions Range from the Basics to Artificial Intelligence
Many of the same basic best practices that protect against phishing will also protect your organization against ransomware. And regardless of the channel of attack, a good defense starts with security awareness and technology tools to verify users and block suspect files. “Organizational preparedness to mitigate phishing attacks is a blend of technology, process and people factors,” according to the Osterman report.
Using multifactor authentication (MFA) is considered to be the best defense against both phishing and ransomware; 74% of survey respondents said it was an effective tool against phishing, and 78% said it was effective against ransomware.
By asking users to verify their identity when signing on (usually with a code sent by text or email, but also increasingly with biometric identifiers like fingerprints), MFA makes it harder for crooks to use compromised credentials to break into systems. Businesses have gotten the memo: One survey recently found MFA was the top security technology adopted after the work-from-home pivot.[iii] Establishing bring-your-own-device policies to enforce stronger security and authentication can also help protect your system from unauthorized access via cellphones, laptops or other devices employees may use to sign on remotely.
Security awareness training was also rated effective against ransomware and phishing. Nearly two-thirds of organizations in the Osterman survey vouched for the effectiveness of programs to address people factors such as password hygiene and security of home systems and personal devices.
Awareness by itself won’t protect the organization, though. Removing suspect emails from mailboxes is one of the most effective actions against phishing, mentioned by 62% of the Osterman survey respondents. Patching vulnerabilities found in software and applications as soon as possible was mentioned by 64% as a good way to close any back door that fraudsters could use to stage a ransomware attack.
Many survey respondents (77%) also said they’d begun using artificial intelligence (AI) and machine learning to better detect, triage and mitigate security threats, while prioritizing high-impact incidents for hands-on analysis by their security teams. For example, AI can detect targeted email threats by learning normal patterns of email within an organization and then detecting anomalies that can be compared with other indicators to tag risky email.
The Bottom Line
Today, many channels of communications and collaboration can deliver the twin threats of phishing and ransomware. Organizations lack confidence that they can protect email — but they’re even less confident about newer channels. Luckily, just as both phishing and ransomware dovetail, the best practices to fight them are also multitaskers across many channels. Enterprises need to dedicate time and resources to achieving basic best practices and considering the latest innovations in cybersecurity.
[i] “Sowing Discord: Reaping the benefits of collaboration app abuse,” Cisco Talos
[ii] “United States Government Launches First One-Stop Ransomware Resource at StopRansomware.gov,” Department of Homeland Security
[iii] “Nearly 75% of Enterprise Security and Risk Managers Plan to Increase Multifactor Authentication Spending,” 451 Research
Subscribe to Cyber Resilience Insights for more articles like these
Get all the latest news and cybersecurity industry analysis delivered right to your inbox
Sign up successful
Thank you for signing up to receive updates from our blog
We will be in touch!