The increasingly digital global economy has created a “perfect storm” for cyber attackers.
As our reliance on websites and email to interact with organizations has grown, so too has the opportunity for criminals who are increasingly preying on the trust we have in these organizations.
Sophisticated attackers are hoodwinking their targets by posing as trusted senders and brands, getting them to hand over login details, personal information, and money. The majority of these attacks start with phishing and impersonation emails, the use of which grew by 54% and 67% respectively in the last 12 months alone. Suffice it to say that deception is now the name of the game. And while big-name brands may be more valuable targets to impersonate for illegal gain, no business or organization is immune.
A large university recently found itself the target of this type of attack. Attackers set up a fake university website, sent phishing emails to students, and harvested their credentials when they logged in. The university was unaware of the attack for quite some time, and many students' details were stolen, impacting the university's ability to safeguard and causing reputational damage that could affect its ability to attract the best and brightest.
But how do you stop phishing threats you can’t see?
It’s no longer enough to protect just what’s yours or even your partners’, as many brand exploits will never touch you directly. You likely won’t even be aware of them. They exist beyond your perimeter and are designed to target your customers, partners, and wider supply chains, using your brand as bait. The time has come to move from defense to offense.
Defending against, detecting, and remediating threats that occur beyond your perimeter is particularly challenging. With limited or no visibility, your organization is vulnerable to attacks that can take a very long time to uncover – if you ever discover them at all.
Your cyber resilience strategy must evolve from a perimeter-based security strategy to a pervasive one, with technology that allows you to protect against abuse and imitation of your brand and domains.
The 4 essential requirements for effective brand exploit protection
It’s all too easy for cyber criminals to scrape content from legitimate websites, set up lookalike domains, and trick innocent people into divulging sensitive data. Finding a solution to detect and destroy these types of attacks to protect your organization, customers, suppliers, partners, employees and others is difficult.
The 4 critical requirements to look for in a solution:
1. Brand monitoring – A solution must be able to rapidly detect brand impersonation to protect your customers, supply chain and your own employees from phishing scams using domains similar to your own.
2. Website Cloning Detection – Not all phishing sites that use brand impersonation will reside on similar domains to yours. Therefore, a solution must be capable of protecting against attacks where cybercriminals have cloned your website, irrespective of the hosting domain.
3. Takedown – If a suspicious or live attack is detected, blocking and rapid takedown is essential to limit and even prevent damage. Look for instant updates to all well-known reputation lists and in-house takedown capabilities for end-to-end ownership from problem to resolution. Segasec also offers technology that is engineered to limit the use of stolen data.
4. Gateway integration – Once a domain is identified and determined to be a risk, a single ‘click’ should automatically create a security policy in your email and web gateway service. This helps protect against your employees being tricked into visiting the fake site.
Sophisticated attacks mandate highly developed defenses. In fact, defensive action will not adequately protect your organization, which is why you need a solution that takes an offensive approach, one that moves beyond your perimeter, to find and fight brand exploits.
Mimecast’s recent acquisition of Segasec, a leader in end-to-end brand exploit protection, delivers against all four critical requirements outlined, providing optimal protection for your organization, your customers, suppliers, partners and employees.
Mimecast State of Email Security Report, 2019
Article by Dan Sloshberg, Sr. Product Marketing Director, Mimecast