Consider a typical workday scenario: an employee receives a seemingly harmless email prompting them to click a link to verify their account details. It's a mundane task in the daily stream of emails circulating through any organisation. However, what seems like a routine email interaction could be the catalyst for a phishing attack, strategically aimed at employees to potentially open the floodgates for a more significant cyber onslaught on the entire business.
According to a recent research report by Capterra, a Gartner Digital Markets company, the prevalence of such phishing attacks has surged, with a startling 79 per cent of businesses in India succumbing to these deceptive tactics in the past year.
This alarming statistic underscores the urgent need for businesses to not only recognise the looming threat but also fortify their defences against the perils of phishing. In this article, BW Businessworld will look at real examples, advice and practical strategies from experts to understand phishing attacks better.
Utilising Advanced Authentication Measures
Sukanya Awasthi, Report Analyst, Capterra, emphasised the critical role of adopting robust security measures to enhance workplace security. She suggested that to fortify digital defences, companies can employ various strategies. Utilising password management software enables the creation and maintenance of strong, secure passwords across multiple devices. Additionally, the implementation of two-factor authentication (2FA), including methods like fingerprints, passcodes, or secondary device confirmation during login, adds an extra layer of verification.
“Our survey indicates that 93 per cent of respondents noted their employer's use of 2FA for specific or all business applications, while 87 per cent acknowledged the preference for biometric identification methods, particularly fingerprints and facial scanning. These proactive security measures underline companies’ dedication to reinforcing their digital fortifications and protecting sensitive information,” stated Awasthi.
Jaspreet Singh, Clients and Markets Leader, Grant Thornton Bharat LLP, provided a comprehensive set of proactive measures against phishing attacks. Regular employee training sessions, raising awareness about email verification, implementing advanced email filtering solutions, enforcing multi-factor authentication and securing domain name, copyright and social media presence are crucial steps. Singh's insights underline the importance of a multi-layered approach to ensure comprehensive protection against phishing threats.
Cyber Insurance as a Safety Net
Evaa Saiwal, Business Head, Policybazaar for Business, introduced the concept of cyber insurance as a proactive measure against phishing attacks. Saiwal suggests that companies falling prey to phishing attacks can minimise financial losses by opting for cyber insurance. This coverage extends to unauthorised transactions, data restoration, incident response costs, legal expenses and business interruption losses. Cyber insurance acts as a safety net, providing compensation for the financial impact of a cyber-attack.
Fintech Focus: Customer Trust And Cybersecurity
Karan Mehta, Chief Technology Officer (CTO), Ring, shed light on the critical link between customer trust and cybersecurity in the fintech landscape. As financial crimes surge, Mehta stressed the need for fintech companies to anticipate security incidents and proactively address them. Ring's approach involves a robust framework comprising strong encryption, advanced threat detection, and recent certifications like SOC 2 and ISO, showcasing their commitment to upholding user trust. Beyond technological measures, Ring prioritises user education about best practices, leveraging cutting-edge technology, maintaining secure servers and continuous threat monitoring.
Continuous Adaptation And Industry Collaboration
Aloke Kumar Dani, Partner, Deloitte India, emphasised the evolving nature of phishing attacks with the advent of Generative AI. He underscored the need for organisations to implement next-gen anti-phishing solutions at the email gateway to detect malicious links or attachments before they reach users' inboxes. Dani highlighted the critical role of these solutions in preventing the damage caused once a user inadvertently clicks on a malicious link, underlining the importance of swift detection and response.
Technology And Continuous Education
Ritesh Chopra, India Director, Norton, underlined the evolving strategies employed by cybercriminals and the need for brands to invest in cutting-edge technology. He stressed the importance of continuous education for users, ensuring they are aware of the latest phishing tactics and can actively protect themselves. Norton's strategy focuses on reducing risks associated with phishing attacks, maintaining security and fostering customer trust.
Chopra underscored the significance of endpoint protection. A dependable endpoint protection system continuously scans for potential dangers, including phishing attempts. Norton advocates for strong antivirus solutions, advanced patch management and privacy protection through cloud backup and VPN.
Sukhesh Madan, Chief Executive Officer (CEO), Blaupunkt India, provided an overview of the brand's multifaceted strategy to combat phishing. Madan believes education plays a central role, and with thorough awareness initiatives, Blaupunkt is empowering customers to identify and thwart phishing attempts.
From education and awareness initiatives to leveraging unique email filtering technologies, two-factor authentication and regular security audits, Blaupunkt India has a holistic approach. The brand's commitment to proactive security measures, including role-based access control, incident response plans and collaboration with cybersecurity experts, showcases a resilient defence against phishing attempts.
A Combined Approach
Sanket Sarkar, Founder, Zeron, pointed out the important role of Attack Surface Management (ASM) and Cyber Risk Posture Management (CRPM) in countering phishing attacks. ASM, focusing on the proactive identification and mitigation of vulnerabilities across both external and internal assets, reduces exposure to hidden attack vectors and enhances threat detection. On the other hand, CRPM provides a comprehensive understanding of the organisation's cyber risk landscape, enabling informed decision-making, compliance assurance and swift incident response. Sarkar highlighted the synergistic relationship between ASM and CRPM, where the latter informs prioritisation, fostering a proactive approach that anticipates emerging threats and supports data-driven decisions. This multi-layered strategy, integrating ASM and CRPM, forms a robust defence, safeguarding valuable data, brand reputation and business operations from the evolving threats posed by phishing.
A Unified Front Against Phishing Threats
The fight against phishing requires organisations to adopt a unified front, combining advanced technology, continuous education, regulatory compliance and proactive risk management. Insights from experts in various domains, including technology, finance and cybersecurity, contribute to a comprehensive understanding of the multifaceted strategies needed to combat phishing attacks effectively.
As the threat landscape evolves, the collaboration between industry experts, regulatory bodies and individual organisations becomes paramount. The proactive measures suggested by experts, ranging from advanced technology adoption to employee education and cyber insurance, form a collective defence against the ever-evolving tactics of cybercriminals.
By embracing a culture of vigilance, staying informed about emerging threats and fostering collaboration within and beyond industries, brands can navigate the complex challenges of cybersecurity. This not only ensures the protection of sensitive data and financial assets but also contributes to the overall resilience and trustworthiness of the digital ecosystem. The insights provided by industry leaders underscore the importance of continuous adaptation and collaboration in the ongoing battle against phishing threats.