Intelligent CIO Middle East Issue 34 - Page 95

SOMETHING ‘PHISHY’: HOW TO IDENTIFY AND AVOID PHISHING SCAMS

Phishing might be one of the oldest tricks in the books for cybercriminals but it remains a significant threat, with sophisticated new attack methods constantly emerging. Harish Chib, Vice President, Middle East and Africa, Sophos, outlines some of the current trends and offers some advice to help businesses and organisations protect themselves.

Phishing is one of the most common attack vectors for hackers who exploit end-user behaviour as the weakest link in an organisation’s cyberdefence. For years, criminals have disguised attacks in emails and today we see phishing emails as a primary delivery method for ransomware payloads.

Phishing emails have led to massive data exposures, which caused major reputational and financial damage in the private and public sector over the last few years.

As cybercriminals continue to prey on employees through their technology, they are always taking measures to be one step ahead. In an organisation all it takes is one employee to take the bait. Today’s phishing attacks are so prevalent and so convincing across organisations.

What started off as simply ‘phishing’ has now developed into three branches of attacks: the classics, mass phishing and spear phishing, and the recently emerging trend of business email compromise acting as a subset of spear phishing.

Business email compromise (BEC) is associated with employee email accounts being compromised rather than the sender

“CYBERCRIMINALS WILL CONTINUE TO TAKE ADVANTAGE OF OPPORTUNITIES AS LONG AS THEY ARE GETTING THEIR MONEY. THE FIGHT IS CHALLENGING BUT IT’S SOMETHING WE CAN WIN.”