Q1. You recently wrote about the need for organizations to take a "team sport approach" to combatting the phishing threat. What would it take to implement such an approach, and what can top management/the board do to help support the effort?
Implementing a team sport approach against phishing threats requires a well-defined security architecture that drives universal alignment between people, products, and processes across an organization’s attack surface. Take the people element, for example. With companies increasingly adopting cloud-based hybrid work environments, threat actors are leveraging phishing and other forms of social engineering attacks to exploit vulnerabilities driven by human error.
A team sport approach helps alleviate human error by combining the powers of products and processes into a unified line of defense. It starts with products that are based on open and extensible platforms which share threat intel and telemetry with other parts of your layered defenses. Leveraging AI-enabled automation tools (product) empowers understaffed IT teams to enhance the operational efficiency of their phishing defenses.
A robust user awareness training program (process) that is contextually aware and consumable empowers hybrid employees to identify malicious links and work protected. Compounded at scale, this universal alignment among people, products, and processes elevates the security posture of the entire organization.
From the leadership level, ensuring the organization has ample resources and budget allocations in place to defend itself is obviously a critical component to combat phishing.
But more importantly, security leaders and the Board can support a team sport approach by taking proactive steps to both articulate and understand the correlation between cyber risk and business risk. This generates a collective understanding of the threat landscape, which fosters a heightened sense of urgency at every level of the organization. As cyberattacks continually rise in volume and velocity, everyone must be pulling in the same direction.
Q2. What should security teams know about 'angler phishing'? Besides user awareness training what other measures can organizations take to protect against the threat?
Angler phishing is a relatively new form of social engineering that leverages social media to deceive users into providing personally identifiable information (PII) or sensitive credentials. Unlike traditional phishing attacks that are email-based, angler phishing encompasses fake social media profiles appearing legitimate in order to gain the trust of victims.
The rise of social media has enabled employees and consumers to engage with brands more directly – issuing public complaints and criticisms in the wake of mistreatment, poor customer service, or damaged goods. Anyone with a Twitter account has likely witnessed an angry airline passenger firing off a flurry of rage tweets after their flight got delayed for the second time that day. Considering that public perception is critical to brand loyalty and in turn revenue, companies must urgently address and remediate complaints to display a sense of commitment to their customers. Opportunistic threat actors exploit these situations for angler phishing by spoofing company social media accounts to engage disgruntled employees and customers under the guise of a concerned HR representative or customer service specialist. Then, they trick them into clicking on a malicious link that infects their device with malware or steals information.
User awareness training is the first line of defense, but you can also promote best practices like multi-factor authentication and installing anti-malware to add another layer of internal protection. In addition, organizations should be proactively and continually advising their social media audience to only engage with verifiable accounts for customer service complaints. Place a disclaimer in the bio of your account and send out push alerts notifying customers of potential threats. Communication is a key component of the equation.
Q3. How does Mimecast aim to showcase its expertise and solutions at Black Hat USA 2023? How can organizations benefit from Mimecast's participation in the event?
Black Hat USA 2023 is a unique opportunity for us to connect with customers, partners, and industry peers about evolving tactics, techniques, and procedures (TTPs) across the cyber threat landscape. Traditional email-based attacks like BEC and phishing are still widely leveraged by modern-day cybercriminals, but amid widespread shifts to cloud-based hybrid work, new collaboration tools like Microsoft Teams and Slack have emerged as highly dangerous threat vectors in single-platform security environments.
In fact, our company’s State of Email Security (SOES) 2023 report cites that 33 billion electronic records are expected to be stolen in 2023 alone, and cybercrime is expected to cost the world $8 trillion in that same time frame. This places organizations at a heightened degree of cyber and business risk, underscoring the need for more focused and comprehensive collaboration tool security approaches across the cybersecurity community.
At this year’s conference, we will be showcasing our latest product offering, Protection for Microsoft Teams, to extend the security protections we offer for email to this essential collaboration tool. Collaboration tools are a fertile breeding ground for cybercrime and pose a huge threat to organizations regardless of size or sector. From Fortune 500 global conglomerates to small businesses and school districts, the impact of collaboration tool attacks can extend well beyond temporary operational downtime or monetary losses.
We will also have lots of fun opportunities to network at our booth – be sure to swing by. Can’t wait to see you there!