Intelligent CIO APAC Issue 30 | Page 32

EDITOR S QUESTION

WHAT CAN BE DONE TO FIGHT BACK AGAINST INCREASINGLY SOPHISTICATED PHISHING TECHNIQUES ?

If a burglar wanted to gain entry to your home , they could force their way in – perhaps by picking a lock , breaking a window , or some other means . If a neighbor heard noises or saw strange activity , they might call the police . This might result in the burglar getting caught , of course .

On the other hand , the burglar could try to convince you to hand over your keys willingly . Perhaps by posing as a delivery or repair person , or inspector , or by telling a plausible story . If the burglar can get their hands on the keys , they can simply walk right in – as if they are doing so legitimately and no one suspects a thing .
In the digital world , phishing is how burglars ( cybercriminals ) gain entry to your home ( your critical systems and sensitive data ). Successful phishing attacks provide attackers with stolen credentials that allow them to simply ‘ walk into ’ your business and gain access to the targets they have set their sights on .
How come phishing is so effective ? Well , for starters , phishing attacks have evolved significantly in recent years . Whereas they once were primitive , full of
Whereas they once were primitive , full of typos and not particularly convincing , nowadays , even experts have trouble distinguishing phishing emails from legitimate emails . typos and not particularly convincing , nowadays , even experts have trouble distinguishing phishing emails from legitimate emails . Phishing sites also look remarkably like the legitimate ones they are designed to imitate . It is no wonder so many users are fooled into providing their credentials to the attackers . In other words , handing over their keys willingly .
As many businesses continue to go through a Digital Transformation , the use of this method of attack has greatly accelerated and the resulting damage is spreading . An increased online presence means a bigger online attack surface and risk . Attackers don ’ t need to devise complex schemes to force entry into businesses these days – they can merely invest in convincing unsuspecting users to hand over their valid credentials .
That said , what can businesses do to protect their online applications from security and fraud incidents ?
Simply rooting out the phishing sites is not enough to combat credential theft . Attackers can create phishing sites with ease . When we take one down , another one pops up elsewhere . This can often devolve into a neverending battle of attrition that rarely makes our online applications more secure or protects them from fraud .
Instead , if we assume that a certain percentage of our legitimate users will fall prey to phishing attacks and will have their credentials stolen , we can adapt accordingly . When we shift our perspective and take this approach , we realise that identifying and mitigating security and fraud attacks that result from credential theft becomes one of our main focuses .
32 INTELLIGENTCIO APAC www . intelligentcio . com