The importance of phishing awareness

March 18, 2024

Stef Geeurickx

The recent cyberattacks at Duvel and Goed (CM) have once again emphasized the importance of IT security. The systems were hacked to steal (personal) data. Most of these attacks use phishing to get into the system. What is it, and how can we help you prevent it?

What is phishing?

Firstly, what do we mean by it? Phishing is a method in which someone contacts a target while pretending to be someone else: for example, a close personal contact, a commercial company or a representative of a government institution. The objective is to get people to reveal sensitive information such as credentials, bank or credit card details. Such an attack can have devastating results, ranging from ransomware attacks and exposure of sensitive data to identity theft and financial loss.

History

Its origin can be traced back to the 1990s, when hackers targeted members of America Online, a provider of internet access. By stealing user details, including username, password and other personal information, they were able to retrieve and misuse credit card information. Since then the practice has become widespread. According to The Brussels Times, Belgium ranks fourth globally for cybercrime density, with phishing as the most common cybercrime.

Different types of phishing

Email seems to be the most popular medium, but scammers have become more creative and have started using other methods, for example:

  • Vishing and smishing
    Vishing is where scammers contact the target by phone, using their voice. Smishing is the use of text messages (SMS) with deceptive content.
  • Spear Phishing
    An attack targeting a specific person or group of people, generally staff and IT managers with higher access levels.
  • Clone Phishing
    Related to spear phishing, but instead of writing false mails from scratch, the scammer copies an authentic mail and replaces the link from the original mail with a new malicious link.
  • Pop-up Phishing
    Placing code in a pop-up shown when visiting a website. For example, a message asking the user to allow notifications; when the user clicks ‘allow’, malware is installed.
  • Calendar Phishing
    Fake calendar invitations containing phishing links.

How to prevent phishing?

As phishing becomes more widespread, it is key for companies to be protected against these practices. The best way to do so is firstly to implement appropriate technical measures and secondly to build a positive security culture among employees.

Some examples of technical measures are a well-configured firewall, automatic filtering of mails, multi-factor authentication, monitoring, etc. Besides this, there is also the security culture to consider: the human factor. According to a 2022 study by Verizon, 82% of breaches involved a human element. This includes incidents in which employees expose information directly (for example, by misconfiguring databases) or make a mistake that enables cyber criminals to access the organization’s systems.

Our security solution

At Brightest we focus on two things: on the one hand, our security defense solutions (application, API, mobile, network); on the other hand, the awareness of users.

Since last year, we have partnered with KnowBe4, a company co-founded by Kevin Mitnick. An ex-hacker turned white hat, he was convicted in 1983 for hacking the Pentagon. Mitnick is now active as Chief Hacking Officer of the company and knows the importance of security. In other words, the poacher turned gamekeeper. KnowBe4 is the world’s largest integrated platform for security awareness training combined with simulated phishing attacks.

In a nutshell, we start with a simulated phishing attack to measure the phish-prone percentage: the percentage of employees who click on phishing mail content. This is the starting point for improvement through awareness training and follow-up simulated attacks.

Let’s work together

Interested in how our security solution can help your organization?

Contact us