P hishing is, and will continue to be, the Approximately 97% of employees across multiple industries cannot recognize a sophisticated phishing email. It creates tremendous risk for companies and adds pressure on MSPs to keep them safe. Unfortunately, phishing is here to stay, and the bad guys are only getting better at it. Types Of Attacks On The Horizon MSPs should be mindful that phishing attacks will continue to evolve in 2022. They will need to budget accordingly and anticipate spending more funds on preventive measures than they did last year so they can protect their customers’ infrastructure as well as their own. Here’s what to look out for. cybercriminal’s favorite mode of attack. The reason is because it’s very simple to dupe even the smartest person with a cunning email designed to wreak havoc on an organization. Attacks will get more creative. Spoof emails will become more difficult to differentiate from authentic ones. Email users may see clever subject lines with messages such as “changes to your health benefits” or “unusual login detected.” Other popular modes of attack could revolve around declined memberships, fake calls-to-action about subscriptions and billing and payments alerts. Cybercriminals are also getting savvier with their use of deceptive links. Unsuspecting users may be misled to click on links that then send them to malicious websites. And that’s not it. Methods using artificial intelligence (AI), such as cloning someone’s voice to get them to reveal sensitive information, will become more commonplace. Clients in certain sectors may require more support. The top five sectors in which employees interact with phishing messages are consulting, apparel and accessories, education, technology, and conglomerates/multi-nationals. There are opportunities here for MSPs when it comes to offering security awareness training as well as the implementation of anti-phishing tools. Keeping Clients Safe Phishing prevention requires a comprehensive strategy that incorporates AI, email security, and cybersecurity awareness training. The first line of defense is to invest in AI-based prevention tools that monitor and analyze email communications for behaviors such as the devices’ external senders and employees, whom they message, what time of the day do they communicate, and where they communicate from. This information is used to generate profiles of trusted email senders, then compares incoming emails to these profiles to authenticate the sender and detect and prevent phishing attacks. AI-based monitoring software can even detect false login pages and recognize altered signatures via scanned images. Malicious emails are automatically quarantined so the end user never interacts with harmful messages. Email security is another essential tool to combat cybercriminals. Solutions that offer warning banners and flag suspicious emails allow users to quarantine or mark the message safe with one click. Compromised
AS PHISHING EVOLVES, SO DOES THE NEED FOR PREVENTION
STRATEGIES By Manoj Srivastava, General Manager, ID Agent/Graphus
MSPSuccessMagazine.com/cyber2022 32
Made with FlippingBook Ebook Creator