The numbers don’t lie: According to the 2020 Verizon Data Breach Report, cybersecurity attacks have more than doubled in the past year. Shielding your organization from cyberattacks begins with revisiting the fundamentals.
To borrow a truism from history, no two battles are exactly alike. That said, battles are typically fought with a set of known-to-be-successful strategies. In line with this, cybersecurity attack fundamentals aren’t a matter of fashion or inclination; they are time-tested strategies, proven in their effectiveness. After all, most criminals aren’t looking to reinvent the wheel, so why should you?
Whether you want to make sense of the latest data breach news headlines or protect your organization from potential incidents, it helps to understand the different approaches a malicious actor might take in order to cause harm. Read on for Rapid7’s overview of the types of attacks most commonly seen today and how you can defend against them.
What is phishing?
Phishing emails are disguised as messages from familiar sources, such as friends, business contacts, or trusted organizations (e.g., banks, mortgage investment firms, or social media sites). These campaigns usually aim to capture sensitive information, often by attempting to install malware on your device or getting respondents to click on “spoofed” links.
The good news is the majority of phishing scams do provide clues as to their malicious intent. Since most reputable organizations invest in professional marketing, unpolished communications are frequently a sign of a phishing attempt. Look for these phishing red flags:
- Uneven or even strident tone (e.g., “Immediate action required!”)
- Messaging that appeals to a sense of urgency, greed, or fear
- An all-caps subject line
- Gratuitous use of exclamation points
- Spelling errors
- Grammatical mistakes
- Poor formatting
- Messy or “cartoonish” graphic design
Combating phishing attacks
When it comes to combating phishing attempts, your employees can be your greatest vulnerability or your first line of defense. Train your staff on phishing protocols and encourage them to report phishing attempts to IT immediately.
Stay proactive, and get started with these tips:
- Update email filter settings
- Pre-scan emails for suspicious attachments and URLs
- Avoid clicking on hyperlinks in text, buttons, images—including unsubscribe links
- Never download attachments
- Don’t provide personal information
- Don’t confirm or reset passwords
- Verify organizations through an independent browser search
- Set up multi-factor authentication
- Use strong passwords that contain no personal information
The key is to remain vigilant about where, how, and with whom personal data is shared.
Detect phishing attacks in your environment with Rapid7 InsightIDR, and minimize their potential impact with Rapid7 InsightVM.