The transition to the cloud, poor password hygiene and the evolution in webpage technologies have all enabled the rise in phishing attacks. But despite sincere efforts by security stakeholders to mitigate them – through email protection, firewall rules and employee education – phishing attacks are still a very risky attack vector.
A new report by LayerX explores the state of phishing attacks today and analyzes the protections organizations have in place to protect against them. This report, “The Dark Side of Phishing Protection: Are You as Protected as You Should Be?” (Download here), can be leveraged by security and IT professionals across organizations in their security efforts. They can use it to pinpoint any internal security blind spots they have and identify controls and practices that can help them gain visibility into those blind spots.
Understanding the Threat: Phishing Stats
Phishing is on the rise. Based on a number of sources, the report describes the magnitude of the problem:
Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).
➤ Get Mullvad VPN with 12% Discount
- 61% increase in overall phishing attacks on enterprises
- 83% of organizations were subject to a successful phishing attack
- Over 1100% increase in phishing URLs hosted on legitimate SaaS platforms
A Phishing Attack Breakdown: Where is the Protection Blind Spot?
Why are these stats so high? The report details the three main ways attackers are able to exploit systems through phishing:
- Email Delivery: Successfully sending maliciously crafted emails to the victim’s inbox or through social media, SMS messages and other productivity tools.
- Social Engineering: Luring the user to click the malicious link.
- Web Access and Credential Theft: Having the user access the malicious web page and insert his\her credentials. This is also where the protection blindspot resides.
The Three Alternatives to Protecting Against Phishing Page Access
As a security professional, you also need solutions to the problems. The report provides three paths forward to protecting from phishing page attacks:
This solution protects the organization at the critical point of where the attack’s objective takes place: the browser itself. Therefore, it succeeds where other solutions fail: if an email protection solution fails to flag a certain email as malicious and passes it to the employees’ inbox and if the employee fails to avoid clicking the link in the email, the browser security platform will still be there to block the attack.
Deep Dive: Browser Security Platform and Deep Session Inspection 101
The key takeaway from the report is that IT and security experts should evaluate a browser security platform as part of their phishing protection stack. A browser security platform detects phishing pages and neutralizes their password theft capabilities or terminates the session altogether. It deeply inspects browsing events and provides real-time visibility, monitoring and policy enforcement capabilities.
Here’s how it works:
The complete report click here.
Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter and LinkedIn to read more exclusive content we post.
Some parts of this article are sourced from:
thehackernews.com