Cyber attacks are getting more complex and sophisticated every day. Criminals used to take a spray-and-pray approach, casting a wide net and relying on a large volume of unsophisticated targets falling for an attack, unintentionally giving away sensitive information or downloading malware. But, as defenses got better at blocking this type of attack, hackers learned to adapt.
Cyber criminals developed new types of attacks that can evade traditional security measures. For example, spear phishing, whaling, business email compromise, and CEO fraud are generally zero-payload attacks, so they can bypass most firewalls and email security solutions because they don’t include a malicious link or attachment. Instead, they rely on social engineering to trick users into giving away login credentials that can be used to gain greater access or take over an email account and use it to send more convincing spear phishing emails. Often, attackers will infiltrate an organization’s network and study how the business works so they can more effectively target specific executives with requests to wire money or send sensitive W2 information.
And, these types of sophisticated attacks are becoming more common. According to a recent study by GreatHorn that was published on Help Net Security, 56 percent of security professionals see email threats including impersonation attempts, wire transfer requests, W2 requests, payload attacks/malware, business services spoofing, and credential theft, on at least a weekly basis.
AI for Better Defense
To combat these types of complex attacks, IT services providers need to implement more advanced solutions and help customers take a layered approach to email security.
One piece of this is moving beyond default security. As more businesses move to cloud-based solutions like Office 365, many organizations are simply counting on the native security that’s included with these platforms being enough to protect their data. This level of protection isn’t enough to combat today’s sophisticated hackers, though.
Adding a third-party email security solution can help IT service providers improve the basic level of email protection their customers have in place. Third-party email security solutions provide more advanced threat detection and remediation. Vendors are also starting to leverage the power of artificial intelligence to help improve defenses. For example, Barracuda Sentinel uses an AI engine to learn the communications patterns of an organization and identify and stop spear phishing attacks.
The Human Firewall
Security awareness training is another important piece of protecting your customers from advanced threats and sophisticated hackers.
IT professionals are aware that user error is a significant threat vector. According to Barracuda’s recent Email Security Trends report, 84 percent of IT security professionals said poor employee behavior was a greater email security concern than inadequate tools. And, there is room for improvement when it comes to security education. Also according to the report, 98 percent of respondents said there are better ways to train employees than traditional classroom education.
One approach IT service providers can use to improve security awareness training is adding computer-based training to their security offering. Computer-based training solutions provide a combination of interactive educational materials and phishing simulations, which IT service providers can use to evaluate end users’ knowledge of security best practices and ability to recognize email-borne threats.
Providing this type of training on an ongoing basis helps service providers add value for customers that need training for compliance reasons. It also helps turn end users into an asset instead of a vulnerability. Educated employees that are aware of current threats and understand how to recognize an attack are like a human firewall. Helping customers learn how to they can protect themselves is one of the most powerful tools an IT service provider can use to protect against today’s sophisticated attacks.
Barracuda MSP is a Silver sponsor of Navigate 2018, taking place in Boston on September 24–27, 2018! Come stop by our booth to say hi and learn more about how to protect against sophisticated hackers.
Handpicked for you:
By Lily Teplow
By Brian Downey
By Dave LeClair