Most ransomware attacks begin with a phishing email. As concern around ransomware grows, financial services organisations are looking to their employees to act as their last line of defence against attackers.
In this guest post for The Fintech Times, Egress VP of Threat Intelligence Jack Chapman argues that organisations must fundamentally change their approach to phishing by focusing on their people, and in doing so strengthen their defences against both phishing and the ransomware that so often follows it.
In his role as VP of Threat Intelligence at Egress, Chapman is responsible for staying one step ahead of attackers, feeding his knowledge of the latest tactics used by cybercriminals into the development of Egress Defend.
Previously holding the position of Chief Technology Officer and co-founder at Aquilai, an anti-phishing software provider recently acquired by Egress, he is passionate about empowering organisations and their employees in the fight against phishing.
After a spate of high-profile attacks, ransomware has financial organisations worried. The most notable example is the May 2021 Colonial Pipeline attack, in which the company paid a ransom of roughly $4.4m (widely reported at the time as nearly $5m) and which led to emergency declarations in four US states. In the aftermath of the attack, the US National Security Council warned businesses, including banks and financial institutions, to increase their protection.
With the National Crime Agency also warning that ransomware attacks are growing in both frequency and severity, UK financial services organisations are increasingly concerned that they could be next. A ransom payment comes with an obvious price tag, but the attack itself also does significant damage to operational efficiency and customer trust. It is no surprise that for many financial organisations, strengthening their defences against ransomware is top of the agenda.
The initial access vector in most ransomware attacks is surprisingly simple: email, and specifically phishing. (Exposed remote-access services and unpatched edge devices account for most of the remainder, but phishing is the route that runs through the inbox of every employee.)
Phishing targets people rather than systems: the attacker relies on an employee taking the bait. Once a phishing email lands in an inbox, the recipient's decision about what to do next is make-or-break, and attackers deliberately make that decision harder with social engineering techniques and psychological triggers. They create a sense of urgency, using fear to push the employee into responding as quickly as possible. They also harvest information about employees and their organisations from past data breaches, company websites and public social media profiles, and use it to craft convincing malicious emails, often sent from lookalike domains or with a spoofed display name, that are very hard to spot by eye.
It is vital for organisations to change the way they look at phishing. If an employee falls for the attack, handing over their credentials or running a malicious attachment, the attacker gains an initial foothold inside the organisation's defences. Ransomware is rarely the first thing that runs: the attacker typically uses that foothold to move laterally, escalate privileges and locate backups before deploying the ransomware, which is why a single click can end in an organisation-wide outage.
By focusing on protecting the human layer of their organisation, security teams can protect their organisation's revenue and reputation from phishing and ransomware. Organisations must deploy technology that supports and protects their employees, allowing them to carry out their roles without fear of being targeted. Detection that uses machine learning and natural language processing can analyse the content and context of a message (its language, its sender, its links) rather than relying only on known-bad signatures, so it can flag many of the socially engineered attacks that legacy rule-based and signature-based filters miss. No filter is perfect, so the aim is to reduce the number of convincing lures that reach the inbox and to warn the user about the ones that do.
As part of their defence against phishing, organisations also need to educate their employees. By engaging with employees and ensuring they know how to spot an attack, security teams can build a vigilant internal defence. This should not be a one-off annual training session; it works best when anti-phishing technology delivers guidance in the moment, pointing out the specific signs of phishing in the message the user is looking at (a mismatched reply-to address, a lookalike domain, a link whose text does not match its destination, urgent language) so that every flagged email becomes a small lesson.
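The following is an added example, not code from the article or from Egress Defend, showing what "pointing out the signs of phishing" looks like when reduced to explicit checks. It scores a raw email for the cues described above: a lookalike sender domain, a display name impersonating an internal role, a Reply-To that does not match the From domain, urgency language, and a link whose visible text points at a different host than its real href. The organisation domain, the phrase list, the list of impersonated display names and both sample messages are constructed for the example; a production system would learn these signals from data rather than hard-code them, but the cues are the same ones a user should be shown.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

ORG_DOMAIN = "example-bank.com"  # hypothetical organisation domain (assumption)

# Display names that attackers like to impersonate; constructed for the example.
INTERNAL_DISPLAY_NAMES = {"finance director", "chief executive", "it helpdesk"}

# Phrases that create the urgency / fear triggers the article describes.
URGENCY_PHRASES = (
    "urgent", "immediately", "within 2 hours", "action required",
    "account will be suspended", "verify now", "final notice",
)

# Digit-for-letter swaps commonly used in lookalike domains (examp1e -> example).
HOMOGLYPHS = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s", "7": "t"})

LINK_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

# Constructed sample lure, not a real message.
SAMPLE_PHISH = """From: "Finance Director" <director@examp1e-bank.com>
Reply-To: collections@mail-recovery.net
To: analyst@example-bank.com
Subject: URGENT: overdue invoice - action required within 2 hours
Content-Type: text/html

<p>Your account will be suspended immediately unless you verify now.</p>
<a href="http://login.examp1e-bank.com.verify-portal.net/auth">https://portal.example-bank.com/login</a>
"""

# Constructed benign internal message for comparison.
SAMPLE_BENIGN = """From: "Payroll" <payroll@example-bank.com>
To: analyst@example-bank.com
Subject: March payslips available
Content-Type: text/html

<p>Your March payslip is now available on the HR portal.</p>
<a href="https://hr.example-bank.com/payslips">https://hr.example-bank.com/payslips</a>
"""


def domain_of(addr: str) -> str:
    """Lower-cased domain part of an RFC 5322 address, or '' if there is none."""
    _, email_addr = parseaddr(addr or "")
    return email_addr.rpartition("@")[2].lower()


def is_lookalike(domain: str, org: str = ORG_DOMAIN) -> bool:
    """True if `domain` impersonates `org` but is neither `org` nor one of its subdomains."""
    if not domain or domain == org or domain.endswith("." + org):
        return False
    normalised = domain.translate(HOMOGLYPHS)
    # examp1e-bank.com -> example-bank.com, or the org domain buried inside
    # another registrable domain such as example-bank.com.verify-portal.net
    return normalised == org or org in normalised


def link_mismatches(html: str) -> list:
    """Links whose visible text is a URL on a different host than the real href."""
    found = []
    for href, text in LINK_RE.findall(html):
        visible = re.sub(r"<[^>]+>", "", text).strip()
        if not visible.lower().startswith(("http://", "https://")):
            continue  # plain-text anchors are not comparable
        if urlparse(visible).hostname != urlparse(href).hostname:
            found.append((visible, href))
    return found


def score_message(raw: str, org: str = ORG_DOMAIN) -> dict:
    """Score one raw message; every signal is a cue that could be shown to the user."""
    msg = message_from_string(raw)
    body = msg.get_payload() if not msg.is_multipart() else ""
    display_name, _ = parseaddr(msg.get("From", ""))
    from_domain = domain_of(msg.get("From", ""))
    reply_domain = domain_of(msg.get("Reply-To", ""))
    signals = {}

    if is_lookalike(from_domain, org):
        signals["lookalike-sender-domain"] = (from_domain, 3)
    if display_name.lower() in INTERNAL_DISPLAY_NAMES and from_domain != org:
        signals["display-name-impersonation"] = (display_name, 2)
    if reply_domain and reply_domain != from_domain:
        signals["reply-to-mismatch"] = (reply_domain, 1)

    text = (msg.get("Subject", "") + " " + body).lower()
    hits = [p for p in URGENCY_PHRASES if p in text]
    if hits:
        signals["urgency-language"] = (hits, min(len(hits), 3))

    mismatches = link_mismatches(body)
    if mismatches:
        signals["link-text-mismatch"] = (mismatches, 3)
    lookalike_hosts = [urlparse(h).hostname for h, _ in LINK_RE.findall(body)
                       if is_lookalike(urlparse(h).hostname or "", org)]
    if lookalike_hosts:
        signals["lookalike-link-host"] = (lookalike_hosts, 2)

    return {"score": sum(w for _, w in signals.values()), "signals": signals}


if __name__ == "__main__":
    for label, sample in (("phish", SAMPLE_PHISH), ("benign", SAMPLE_BENIGN)):
        print(label, score_message(sample))
```

The point of returning named signals rather than a bare score is that each one can be rendered as a sentence beside the email ("the reply address is on mail-recovery.net, not your organisation's domain"), which is the in-the-moment coaching the paragraph above calls for. The hard-coded weights and phrase list are the example's own assumptions; real attacks will vary the wording, which is exactly why the article argues for models trained on language and context rather than fixed keyword lists.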
Cybercriminals are constantly levelling up their phishing attacks against businesses. By protecting employees with technology that stops most lures before they arrive and explains the rest, financial services organisations can turn their people from the weakest link into their greatest security defence.