
Bracing for Evolving Phishing Frauds

 

Phishing scams are still the most common type of cybercrime. Unfortunately, as social engineering attacks get more advanced, this tendency is likely to continue in 2022. The numbers are worrisome: phishing attacks account for more than 80% of all security issues reported.

In fact, phishing attacks have been successful in 74 percent of firms in the United States. Companies must be watchful and proactive by implementing a defense strategy, as phishing will remain the favoured method of attack for cybercriminals in the coming year. Phishing attacks have the potential to compromise infrastructure, and organizations will need to plan ahead and anticipate investing more money in preventative measures in 2021 than they did in 2021.

Phishing takes a new turn 

As cybercriminals get more sophisticated, here are some of the tactics that businesses should be aware of. It will be considerably more difficult to distinguish between spoofed and legitimate emails. Email recipients may be alarmed by clever subject lines such as "Changes to your health benefits" or "Unusual login detected."

Other common methods of attack include denied memberships, fraudulent subscription calls-to-action, and billing and payment warnings. Furthermore, fraudsters are becoming more sophisticated in their use of false links. Users who aren't paying attention may be scammed into clicking on links that lead to harmful websites. Phishing assaults will be elevated to a new level as a result of social engineering attempts. Artificial intelligence-based tactics, such as copying someone's voice to elicit sensitive information, will become more common. 

A good offense is the best defense

The good news for businesses is that they can use artificial intelligence (AI), email security, and cybersecurity training to protect themselves from more sophisticated phishing assaults. Investing in AI-based preventative tools that track and examine email communications is the first line of defence. 

A strong AI solution examines variables such as the devices that external senders and employees use, who they message, what time of day they communicate, and where they communicate from. This data is then used to create trusted email sender profiles, which are subsequently compared to incoming emails to authenticate the sender and to detect and block sophisticated phishing efforts. Artificial intelligence-based monitoring software may even scan images for fake login sites and altered signatures, then immediately quarantine malicious emails so that the end-user never sees them.
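A simplified sketch of the sender-profile comparison described above, added here as an illustration and not taken from any product the post refers to. It uses set-membership rules instead of a trained model, and the record fields (`sender`, `name`, `to`, `hour`, `device`, `country`), the thresholds and the sample history are all assumptions constructed for the example.

```python
from collections import defaultdict

# Constructed mail history; every address and value here is made up.
HISTORY = [
    {"sender": "cfo@example.com", "name": "Dana Reyes", "to": "ap@example.com",
     "hour": 9, "device": "Outlook/Windows", "country": "US"},
    {"sender": "cfo@example.com", "name": "Dana Reyes", "to": "ceo@example.com",
     "hour": 14, "device": "Outlook/Windows", "country": "US"},
    {"sender": "billing@vendor.example", "name": "Vendor Billing",
     "to": "ap@example.com", "hour": 11, "device": "Postfix", "country": "DE"},
]
FEATURES = ("to", "device", "country")  # who they message, device, location

def build_profiles(history):
    """Per sender address: display name, hours seen, and values seen per feature."""
    profiles = defaultdict(
        lambda: {"name": None, "hours": set(), **{f: set() for f in FEATURES}})
    for m in history:
        p = profiles[m["sender"]]
        p["name"] = m["name"]
        p["hours"].add(m["hour"])
        for f in FEATURES:
            p[f].add(m[f])
    return dict(profiles)

def hour_gap(a, b):
    """Distance between two hours of day on a 24-hour clock."""
    return min(abs(a - b), 24 - abs(a - b))

def score(msg, profiles, hour_slack=2):
    """Return (verdict, reasons); verdict is deliver, banner or quarantine."""
    reasons = []
    p = profiles.get(msg["sender"])
    if p is None:
        # New address reusing a profiled display name: impersonation signal.
        if any(q["name"] == msg["name"] for q in profiles.values()):
            reasons.append("known display name, unknown address")
        else:
            reasons.append("no profile for sender")
    else:
        reasons += [f"unseen {f}: {msg[f]}" for f in FEATURES if msg[f] not in p[f]]
        if all(hour_gap(msg["hour"], h) > hour_slack for h in p["hours"]):
            reasons.append(f"unusual hour: {msg['hour']}")
    if "known display name, unknown address" in reasons or len(reasons) >= 2:
        return "quarantine", reasons
    return ("banner" if reasons else "deliver"), reasons
```

A single deviation only earns a warning banner, while two or more deviations, or a familiar display name on an unfamiliar address, keep the message away from the user.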

Another preventative step is email security. Technology that displays warning banners and identifies problematic emails is beneficial since it allows users to quarantine or mark messages as safe with a single click. Passwords that have been compromised can be used to launch cyberattacks. Single sign-on (SSO), multifactor authentication (MFA), and password management are all included in an identity and access management (IAM) tool. 

Another option to mitigate the security concerns associated with passwords is to use passwordless authentication. This method confirms a user's identity by utilizing biometrics, such as fingerprints, and one-time passwords, which require users to enter a code that is either emailed, transmitted through SMS, or received via an authenticator app. 

Finally, a company is only as powerful as its employees, emphasising the importance of cybersecurity training. The first line of defence is employees. An organization's odds of experiencing a cybersecurity incident can be reduced by up to 70% by boosting security awareness. Security awareness training should always be included in onboarding, and phishing simulation campaigns should be run regularly, at least once a month. 

While this may appear excessive, research reveals that four to six months after each training session, trained employees begin to forget what they learned. With hybrid workplaces becoming increasingly widespread post-pandemic, over half of the remote workers use email as their major mode of contact, demonstrating the importance of security awareness training. 
 
According to the FBI, firms in the United States lost more than $1.8 billion in costs due to business email compromise (BEC) or spearphishing last year. Phishing scams resulted in adjusted losses of more than $54 million, according to the FBI. Given that phishing remains a popular type of intrusion, it's reasonable to assume that number will continue to rise. 

Organizations may help defend their businesses from being hacked by utilising AI's complete functionality to construct a powerful security platform that detects threats, as well as strengthened email security measures and employee training.

DHS Called On Hackers to Join Government During Black Hat Speech



Speaking at the Black Hat conference, Department of Homeland Security Secretary Alejandro Mayorkas encouraged participants to come forward and share their creativity, ideas, and boldness with government agencies to help define the future of cybersecurity policy, a path that has not yet been mapped.

“We need your creativity, your ideas, your boldness, and your willingness to push limits. We need you to help us navigate a path that has not yet been mapped,” Mayorkas said. “What’s at stake here is nothing less than the future of the internet, the future of our economic and national security, and the future of our country.” 

Mayorkas introduced an upcoming program named the Cyber Talent Management System, which will redefine hiring requirements for cybersecurity roles in government agencies and adjust pay to reflect the current workforce environment. He encouraged participants to “lead the charge on the inside” by joining the Cybersecurity and Infrastructure Security Agency and DHS.

“This initiative…will give us more flexibility to hire the very best cyber talent and ensure we can compete more effectively with the private sector,” he said. 

According to the present statistics, hiring is a major focus of DHS under the Biden administration. Currently, the department is trying to fill a number of open cybersecurity jobs within the agency and to recruit more diverse talent in cybersecurity.

Furthermore, Mayorkas said that the department is observing whether young talent is uninterested in working with the federal government. However, security specialists have an opportunity to “bridge the gap between the hacker community and the federal government” by collaborating with the agency, he added. He concluded his speech by comparing the current state of cybersecurity with the mid-18th-century struggle between Britain, China, and Russia.

“We are competing for the future of cyberspace – one in which friends gather, colleagues communicate, businesses sell, consumers buy, dissidents organize, horrific crimes occur, governments hear from their citizens, and information is widely and quickly disseminated,” he said.

Cyber security 2021: What new threats can be expected? Here is our estimate


2020 has been an eventful year for cybersecurity, to say the least. COVID-19 completely shifted the paradigm for the $184 billion industry, with ramifications felt throughout the year and possibly next year. So, what new threats can be expected in cybersecurity for the year 2021? We assessed future threat trends that you'll need to be careful of:

 Social Engineering Attacks:

Verizon’s Data Breach Investigations Report for 2020 says that social engineering is a top attack vector, and this trend will probably continue in 2021, but in a more sophisticated way. For example, attackers scam people by asking for details such as email addresses and card numbers in exchange for free Covid testing kits.

 Cybercriminals will be focusing on Remote Workers and Network Attacks: 

Social distancing can slow down the virus but not hackers. In 2021, it's highly probable that attackers will focus on WFH (Work From Home) employees and people using minimal security defenses. Phishing targeting WFH employees, whether by email, voice, text, instant messaging, or even third-party applications, will be high.

Slow economy leading to a reduced budget will result in compromising cybersecurity:

As the U.S. economy fell from $779 billion at the end of 2018 to $2.8 trillion as of July 2020, spending on IT and tech investment also decreased. After years of accelerating, IT spending decreased nearly 10% in 2020. This will probably continue in the next year, and companies will look for a more convergent cybersecurity solution where one company, like McAfee or Microsoft, can provide the whole security solution. Secure access service edge (SASE) platforms will gain ground over disjointed products as companies look for cost-cutting measures.

 Attackers relying on Machine Learning:

Beyondtrust.com makes an interesting prediction that could viably come true given the rapid evolution in the methods attackers use. They predict that threat actors will use machine learning to discover vulnerabilities and gaps in security as well as to evade security defenses. "ML engines will be trained with data from successful attacks. This will allow the ML to identify patterns in the defenses to quickly pinpoint vulnerabilities that have been found in similar systems/environments. This approach will allow attackers to zero in on entry points in environments far more quickly and stealthily as they will be targeting fewer vulnerabilities with each attack, evading tools that need a volume of activity to identify wrongdoing."