Most cyberattacks begin with a phishing email
“it’s not if, but when” that organisations will be impacted by a cyberattack has been promoted by cybersecurity practitioners for many years. ‘If, not when’ is undoubtedly true for most organisations today, with attackers developing and deploying ever-more-advanced and sophisticated techniques, and organisations battling to address cybersecurity concerns, including talent and skill shortages.
Most security breaches in recent memory, according to the cybersecurity community, could have been prevented. For instance, according to research, 95% of security breaches in 2018 could have been avoided, and many of the methods attackers used to successfully compromise systems in 2018 are still in use today. In a more concrete example, investigative reports label the 2017 Equifax data breach, which exposed the personal information of over 140 people, as being “totally preventable.”
Since it is difficult to stop even the most sophisticated and determined attackers, it is impossible to say for sure that the relevant security breaches would not have happened even if stronger security controls were in place. However, these reports suggest that it is far too simple for attackers to succeed in their goals.
Organisations are prone to security breaches when fundamental cybersecurity guidelines—often referred to as “cyber hygiene”—are not followed. Over 80% of breaches, according to recent research, involved the use of weak or stolen passwords; as access to corporate networks and applications is increasingly made possible by corporate mobile devices or employee personal devices under BYOD programmes, poor cyber hygiene at the individual level does have a direct bearing on enterprise security; attackers are undoubtedly using people as the entry point to corporate systems and data.
What can we each do, then, to better defend our organisations and, indirectly, ourselves from these attacks? Here are a few actions that would enhance our general “cyber hygiene” below:
1. Install security applications on mobile devices
The number of new mobile malware variants increased by 54% in 2018, driven by trends in the use of mobile devices to conduct sensitive activities like online banking and an increase in the amount of sensitive data held on those devices. Despite this, mobile users continue to fail to adequately protect their devices from malware. On mobile devices, security software should be installed by trusted providers, and it should be updated frequently. IOS itself has built-in security features, and some popular security software on Android phones and tablets are Bitdefender, McAfee and Norton.
2. Avoid visiting questionable websites
One of the primary channels through which malware infestations on computers or mobile devices are spread is compromised or known malicious websites. Drive-by downloads, or malware infestations on mobile devices or desktops, can be prevented by restricting browsing to reliable websites and avoiding dubious websites.
3. Only download trustworthy mobile applications from reliable sources
Attempts to steal banking or other login credentials from mobile devices are also on the rise. One common technique is to trick or force users to install fake versions of well-known mobile applications on the Google Play Store and Apple App Store, or outside of these repositories, or to get users to download Trojan mobile applications that appear to serve a useful purpose (like a function or game) but carry out other harmful operations in the background. The hazards associated with installing fake mobile applications can be decreased by restricting the installation of apps to those that can be found on the Google Play Store and Apple App Store, are produced by reliable software providers, or have favourable evaluations.
4. Use caution when using social media
For example, gathering data from a person’s social media presence may allow attackers to impersonate the person for identity theft or as a platform to launch social engineering attacks on a person’s contacts and friends. Fraud, identity theft, and scams are major motivators for attackers to connect with people. Choose your acquaintances wisely, and don’t divulge too much personal information on social media or in job postings.
5. Use several passwords
According to a recent survey, 59% of respondents use the same password for as many accounts as they can because they are afraid of forgetting it. By stealing just one credential, this approach enables attackers to gain access to a person’s accounts on several systems. It is recommended to use multiple passwords for various programmes and websites to reduce risk (e.g., personal email, corporate network, banking, and social media accounts)
6. Beware of phishing emails
Reports claim that 91% of all attacks 1 start with a victim being sent a phishing email. In addition, phishing techniques are used in 32% of all successful intrusions. Despite years of concerted efforts by the media and corporate security programmes to inform users about the risks of phishing emails and how to recognise them, these assaults continue to be quite effective. Even if you are familiar with the sender, it is best to only open attachments when you expect them and know what they include.
7. Use public Wi-Fi networks with caution
You can still encounter malevolent users on the same network using a secure connection. Use a virtual private network solution and stay away from important tasks like online banking and shopping when utilising public wireless networks.
8. Keep up with the security trends and developments
Meltdown & Spectre, one of the more well-known vulnerabilities released in 2018, were said to have impacted almost all computer systems. Every day, new vulnerabilities are found, therefore it’s critical for people to stay informed about the newest risks and trends to take immediate corrective action. It is frequently a matter of learning about risks as soon as possible and taking swift action to mitigate them which makes the difference between being secure and potentially being penetrated.
Other than “if, not when,” the cybersecurity community often uses the proverb “people are the weakest link in security.” Although not novel, the eight suggestions above are unfortunately rarely followed by the average user. Maintaining good cyber hygiene has become crucial and a critical first step in battling cyber threats. By doing so, we may stay safe online in our personal and professional lives while lowering the risk to our organisations.
In conclusion
The impacts of cyberattacks are truly devastating to any small, medium, or large enterprises. These attacks can cost everyone from multinational companies to individuals a great deal of money and hardship. Unfortunately, statistics speak for themselves as previously mentioned that 91% of cyberattacks start with just a single email.1 Therefore, everyone must take the appropriate precautions to mitigate and reduce the impact of such attacks.
Find out more about how you can defend your business and yourself from such attacks with MyRepublic’s improved email security or have your company’s Cyber Security Vulnerabilities Assessed.
Talk to our experts today at: https://myrepublic.net/sg/business/ignite/
Stryve. (2022). 91% of Cyber Attacks Start with a Phishy Email. 91% of cyber attacks start with a phishy email. Retrieved November 5, 2022, from https://www.stryvesecure.com/blogs/91-of-cyber-attacks-start-with-a-phishy-email
