According to Internet records, the first recorded mention of the term “phishing” occurred in a Usenet newsgroup called AOHell and was recorded on January 2, 1996.
The word was coined by hackers stealing America Online accounts and passwords. By analogy with the sport of angling, these Internet scammers were using e-mail lures, setting out hooks to "fish" for passwords and financial data from the "sea" of Internet users.
Since then, 25 years on (a long time in cyber years), you’d need to have been on another planet not to have heard the term or not to have some level of protection in place for your organisation.
We good guys in cybersecurity teams know a thing or two about phishing. Most have deployed solutions that improve their security, educate their staff, save IT admin time and reduce the risk of data theft.
Hackers have moved on from the gunslingers of old but, scarily, the results can be just as devastating. Pulling off the ideal hack can take months, if not years, of gathering data. Your own business may not even be the target, yet it may be facilitating someone else’s hack because it’s a weak link.
Just as hackers have moved on, so has technology. In the life of a busy cybersecurity team with so many projects on the go, it’s easy to put a tick in the “renew” box without checking to see if you’re getting the best security for your organisation – let alone the most competitive rate. In a highly competitive market, what seemed like a great deal 3 years ago could be very light on the right feature set today.
Social engineering is big business so hackers look for weaknesses in markets. This has been highlighted especially over the past year during the pandemic with new breaches in a wide range of sectors happening with increasing frequency.
Finding an email security provider that understands the needs of the sector you’re in is extremely important. One size doesn’t fit all and finding a supplier with the right credentials and industry knowledge who can tailor their solution to meet the needs of the business - at a compelling price point - is the key.
The Bad
Yes, of course, you should be worried about hackers impersonating huge organisations such as the World Health Organisation and HMRC, but it’s just as likely they’ll take on the persona of a Chief Executive, Head of Department, or someone you deal with regularly such as a supplier. And they’re unlikely to present themselves in cowboy boots and Stetson, so appearance isn’t everything.
Attacks can take many forms and continually become more diverse. The aim remains the same – it’s always to steal credentials by posing as an authorised individual. Now they go even further and use combinations of email, phone and text messages, with cybercriminals going to the trouble of learning a little about their targets before reaching out.
This is why spear phishing has turned out to be lucrative for those who carry it out. These tailored attacks require more individualised web pages than the broad-brush attacks that preceded them, further fuelling the massive rise in successful attacks.
Shortcodes and HTTPS also make it easier to land a successful phishing attack. Shortcodes obscure destination URLs, and checking the destination is one of the recommended ways to tell whether a link is legit. HTTPS encryption makes it easier to hide malicious content on benign domains, which may prompt a site visitor to let their guard down.
The tell-tale signs that prompted savvy users to do a ‘double-take before clicking’ are becoming ever harder to spot.
The Ugly
Not all email security solutions are created equal and sometimes all isn’t what it seems - even with some of the biggest brand solutions. I won’t go into the high profile breaches that have occurred this year alone – they are well documented for anyone wishing to do their research.
Getting the balance right between features and cost is even more important when security teams are faced with extra challenges following the exodus to home-working. If an email solution is feature-rich it can be cost-prohibitive. Businesses then make stark choices which leave them exposed.
The Showdown
You can have it all and every good movie loves to keep its audience guessing until the very end. The ‘Mexican Standoff’ near the close of TGTB&TU is no different. There’s a sense of suspense around the spiralling numbers of attacks vs the cost of doing everything businesses can to combat a worsening situation. The emphasis this year more than any other should be on being able to do more for less.
The key thing here is to note that the majority of email security solutions on the market have a modular licensing system that charges for each feature separately (Phishing, URL scanning, BEC, AV etc). This all starts to mount up when you realise you need encryption and archiving too.
The market is changing all the time and my advice would be to review any security requirements regularly and be ready to make the switch if there’s a better deal, well before the renewal becomes due. Going with existing suppliers is the easy option when faced with staff constraints, but you could be missing out on better features or cost savings.
With the risks increasing, download this simple-to-use infographic that will help your team understand more about those risks and how to avoid them.
Join Shaun McKay, a CIO with a breadth of experience across the technology sector, as he discusses his email security experiences.
There’s a lot of talk about the challenges of email security and how best to address them. Our aim is to share our experiences across a number of key sectors through your eyes.
Shaun McKay, a CIO with a breadth of experience across the technology sector, will talk about his email security experiences, referencing companies like Everyman Cinemas, South Eastern Railways, Trespass, Coleg Gwent and a host of others. He’s seen the good, the bad and the ugly, so he’s well placed to give an insight into how best to avoid the ugly and keep the bad out.
In our session, Shaun will:
We hope you will join our event. Spaces are usually in high demand so please make sure you register early.
Shaun McKay, Consulting CIO
"Attacks on critical infrastructure disrupt the country and public services causing reputational damage to Governments and their Departments"
Challenges faced
High-value assets
Regulation
Day to Day
"Identified as a significant target area for cybercriminals as it’s a soft target recognised for paying demands to avoid reputational damage"
Challenges faced
Data
Diverse users
Technical limitations and dependencies
"National and local government face disruption when attacks occur on critical infrastructure as they have the potential to disrupt the whole country and its public services"
Challenges faced
Data
Diverse user base
Technical limitations and dependencies