Jack Chapman, SVP of Threat Intelligence, KnowBe4.

Emails have consistently been a gateway for cyber attacks. As organisations improve their security in other areas, hackers return to the strategies that work, and the human element in phishing is a weak point that is always relevant.

“People make mistakes and can be emotionally manipulated. AI technology makes this even easier for hackers, who use deep fakes and automation, and can customise phishing mails to their targets based on open source intelligence,” says Jack Chapman, SVP of Threat Intelligence at KnowBe4.

Phishing attacks this year are 10% to 20% more prevalent than last year. Diverse techniques are being used, and criminals are investing in security tools to learn how to bypass them. Hackers are creating more personalised and focused emails. The days of sending out campaigns in the millions are over. Cybercriminals are also using techniques that combine a ‘flood attack’, which they expect security teams to catch, with one or two specifically focused emails that slip through the net.

“Breaches via email are the number one source of attacks in every organisation,” Chapman says. “Phishing attacks take place on many levels, from commodity phishing attempts, which happen at scale but are nonetheless dangerous and sophisticated, to advanced phishing, where a criminal is determined to breach your organisation and makes repeated attempts to gain access. To do this, they might also target your supply chain and go through there, creating a compromised account.”

Ransomware gives bad actors the chance to access your organisation’s shared network drive, says Chapman. Once they have the keys to the kingdom, they can move laterally through your organisation to employees who have admin rights, or use your organisation to attack all of your customers and connections. This costly disaster is extremely damaging to your business and your reputation. The best case scenario is undoubtedly prevention, which will save your business massive amounts of time, money and stress.

“Another benefit of strengthening your preventative defences is that you prove to criminals that your organisation is mature and well secured, which makes it more likely they will move on to a softer target. If they identify weaknesses and think they can succeed, they will keep trying,” Chapman says. “Prevention in today’s threat landscape is essential.”

KnowBe4-Defend is designed to prevent even the most sophisticated and advanced attacks from breaching an organisation. It uses advanced AI technology to capture attacks that would otherwise slip through the net, and it identifies advanced phishing and zero-day threats. “KnowBe4-Defend combines advanced technology with user education that empowers the human element in an organisation,” Chapman says. “Not only does it make emails safer, but it also explains to the user why and how an email is a phishing attempt by inserting banners and explainers into the mail itself. So, users are brought along on the security journey and are empowered to think like cybersecurity experts themselves. This saves administration staff time, money and stress.”

In order to better defend against future attacks, Chapman recommends that every organisation needs to fully understand its own risks and weaknesses. That way, you can identify the areas that need shoring up. Then, invest in email security, because the earlier in the process you can stop the threats, the more time and resources you will be able to allocate elsewhere.

“In today’s environment, with the escalating volume and sophistication of attacks, analysis of the threat landscape needs to be done quarterly,” Chapman recommends. “Look at your situation holistically and from an attacker’s point of view, including your technology, policies and people as part of the overall picture, rather than assessing each of these separately.”

To find out how to strengthen your email security with KnowBe4, go to: https://info.knowbe4.com/defend-microsoft-defender-demo-africa