Proofpoint’s Adenike Cosgrove provides best practices for enterprises that may invest heavily in security systems but are still left vulnerable due to human behaviours.
Over the past decade, cybercriminal activity has evolved in both its purpose and sophistication, raising the game for information security professionals across the globe. In the past, the purpose of information security was to prevent mild viruses and spam malware attacks, which tended to originate from lone actors celebrating their ability to mildly irritate businesses from their own self-contained, solipsistic bubbles.
Today, enterprise IT security teams face a far more serious threat, which is exacerbated by three drivers: exponential data growth, an increasingly mobile workforce, and added complexity in the datacentre.
This complex and evolving set of challenges has been exploited by a thriving cybercriminal community, which has organised itself to pose a genuine threat to the daily functionality of businesses and governments worldwide. For enterprises, this has lifted IT security from a necessary support function, right up to a boardroom-level priority.
A new wave of cybercrime infiltration
Cybercriminals have always focused on exploiting weaknesses within businesses to carry out attacks. In the past, they would look for vulnerabilities within software packages, and while this continues to take place, a new flaw has been identified: people.
Rather than relying on system weaknesses to infiltrate networks as they tended to in the past, cybercriminals are instead exploiting human flaws to implement damaging and costly malware attacks.
A recent Proofpoint report, based on analysis of attack attempts across more than 5,000 worldwide enterprise customers throughout 2016, confirms this. The investigation, which provides deep insight into attack trends across email, mobile, and social media communication channels, finds that human-targeted campaigns were in fact the most common last year.
Cybercriminals have become more aware of the need for personalisation to succeed in their malware campaigns. By identifying specific times and days of the week, they use automation tools to increase the volume and click-through rates of their campaigns, which can have disastrous consequences for businesses.
Whereas in the past, attackers tended to focus their efforts on targeting CEOs and CFOs, today they direct their campaigns at broader groups of employees. Such business email compromise attacks rose by a worrying 45 per cent just in the last quarter of 2016. At the same time, ransomware exploded on the scene and targeted attacks grew to include new vectors used in tandem with email.
Cybercriminal activity has not stopped with business email. Increasingly, attackers are taking advantage of employees’ mobile devices. Though not new, SMS phishing, which targets consumers and enterprises, is on the rise, and actors are introducing new techniques to increase its effectiveness.
Because there are no commercially available SMS inbound filtering products as there are with email, attackers have discovered that sending SMS messages can be highly effective for tricking users into handing over their banking credentials. This is further complicated by the fact that the small screens of mobile devices make it difficult to determine whether websites are fake.
In the past, SMS phishing usually involved a text message with a single link to a fake account login page, often for telecoms and other accounts. By late 2016, a trend was recorded of attackers adding new techniques and twists to better optimise the potential effectiveness of SMS phishing schemes. In all, mobile clicks on malicious URLs doubled, highlighting the importance of protecting devices beyond the physical boundaries of the enterprise.
As if data security professionals didn’t have enough on their plate already, cybercriminals have also taken to social media. Indeed, fraudulent social media accounts became a major feature of the threat landscape in 2016. These so-called “angler phishing” attacks—where a fake customer-support account promises to help customers, but instead attempts to steal credentials—grew by an astonishing 150 per cent in 2016.
So how can enterprises prevent cybercriminal infiltration?
The first step for information security teams is to deploy protection that works within the flow of email, which can prevent attacks before they have a chance to reach the organisation’s employees, partners and customers. With the right software, IT teams can detect criminal threats within attachments and URLs by carrying out threat analysis services that use multiple approaches to examine behaviour, code, and protocol. Implementing a multi-layered defence strategy is imperative in today’s world, and the earlier in the attack chain malicious content is detected, the easier it is to block, contain, and resolve those threats.
More than 90 per cent of targeted attacks start with email, and these threats are always evolving. Information security teams must therefore consider the deployment of cloud-based sandbox analysis services that can be scaled to protect everyone within the organisation. This service can identify malicious campaigns and uncover new attack tools, tactics, and targets so the next attack is easier to identify and prevent.
Field workers are an increasing source of clicks on malicious links. For those organisations that have employees working in the field, data managers will need to ensure their strategy accounts for this and provides the same level of security controls for mobile phones, tablets and other devices as it does for company-owned PCs in the office.
A key consideration is the time it takes to respond to incidents, should they arise. Information security teams will need to deploy a solution that enables them to retract malicious emails that have been delivered to users’ inboxes. When sourcing a solution, security teams should ensure it can move malicious email out of users’ hands and has the ability to find and remove any copies of those messages that were forwarded.
Timing is everything and cybercriminals know that hitting an organisation’s employees with a well-crafted email at just the right time yields the best results. Teams responsible for SecOps will need to ensure they have the right tools at hand to gain real-time visibility – not only into attack patterns, but also into employee behaviour, to understand who is most likely to click and when.
There were dramatic shifts in the threat landscape in 2016 and it is clear cyberattacks are more prolific, sophisticated and potentially detrimental than ever before. By exploiting human behaviour across email, mobile and social media, attackers have found new ways to extract sensitive data at the expense of enterprises. And with GDPR around the corner, data security is now business critical to all organisations, large or small.