How to Protect Your Company from Spear Phishing Attacks

Posted by Catherine Young

A study of CISOs done by Raytheon and the Ponemon Institute produced some sobering results. Researchers asked CISOs to assess their stress level today versus three years from now on a scale of 1 to 10 with 10 being high stress.  The group expected their stress levels to be at an average of 8.8, the highest recorded.

It’s no wonder.  It seems like there are new cyber security threats, attacks, and breaches in the news every day. Corporate boards aren’t engaged. Only a third of those surveyed felt their senior leadership view cyber security as a priority.  As the person in charge of protecting data and company assets, it can be unnerving because if something goes wrong, you’ll get the blame.

That’s why you want to use the right tools to minimize your potential risks.  INKY’s cloud-based email protection software blocks spam, malware, phishing attacks, and protects you from business email compromise (BEC).

Using domain-specific machine learning and computer vision, it identifies and blocks even zero-day exploits that get through email systems, including Exchange, Office 365, and G-Suite.

Spear Phishing Remains One of the Biggest Cyber Security Risks

While hackers are always evolving, spear phishing remains the single biggest point of entry for successful attacks. For business, 95 percent of attacks on enterprise networks start with spear phishing emails, according to the SANS Institute.

Some spear phishing emails impersonate trusted brands, like a financial institution you do business with, or an online store where you shop.  Cyber criminals may be trying to get you to enter your login credentials, credit card number, or launch malware on your computer.

Unlike mass email scams, spear phishing attempts can get highly personal.  Using social engineering and online research, perpetrators learn details about victims before sending emails.  Then, they zero in on their targets.  One study that analyzed half a million inboxes over a span of two years revealed that three-quarters of the spear phishing attempts were sent to 10 people or less.  A third of the attacks were sent to a single individual.

Massive Data Breaches (And Fines) From Spear Phishing

Anthem is the second largest health insurer in the U.S.  In October, it was fined $16 million to settle potential privacy violations resulting from a data breach.  The breach started with a spear phishing email to trick employees into revealing usernames and passwords.  Eventually, cyber criminals got system admin privileges and access to sensitive data and medical information for nearly 79 million people.

Russian hackers used spear phishing email as a tactic to steal the credentials of suppliers and open a backdoor into the U.S. power grid

Park Jin Hyuk landed on the FBI’s Most Wanted List. The North Korean hacker is thought to be an operative with APT38, a state-sponsored organized responsible for the costliest computer intrusions in history.  A series of phishing emails and other cyber-attacks targeted financial institutions that collectively attempted to steal more than a billion dollars, according to the FBI.

The list goes on and on. 

Traditional Email Phishing Solutions Fall Short

Every successful spear phishing attack got through legacy company security and built-in threat protection. Traditional email phishing solutions are simply not capable of identifying all of these increasingly personal attacks. Once it gets through legacy spam filters, you risk employees falling victim to spoofed sites, impersonation emails, and malicious attachments.  Cyber criminals are constantly evolving and finding ways to beat passive security monitoring, like ATP (Advanced Threat Protection) in Microsoft Exchange, Office 365, or security filters in G-Suite.

You simply can’t afford to rely on passive email security to protect your organization.   There is, however, something you can do right now to significantly reduce your risk.

INKY's Email Security Platform

INKY’s email security platform is at least a generation ahead of anything else on the market. INKY is a cloud-based email security platform that deploys Artificial Intelligence, Machine Learning, and Computer Vision to keep you safe.

INKY understands email security.  It automatically searches for potential fraud and can identify impostors by the pixel.. INKY is the only email security solution that prevents phishing by catching spam and malware that other email security solutions miss.

Contact the email security experts at INKY today for a customized demo.

You can learn more about spear phishing, other email security problems, and the best way to prevent attacks in INKY’s report, Welcome to 2019: Phishing Gets Personal Guide.

Topics: phishing attack