Network and Internet infrastructure attacks come in all forms. They range from malware designed to poke and prod the defensive measures set up around the network to distributed denial of service attacks that block off entire servers and hardware; as the Internet becomes more complex, so too do the means of damaging infiltration from outside sources. Despite the more technologically advanced Internet attack methods, some of the most basic are still some of the most successful. A phishing attack, for example, takes advantage of a company's weakest Internet security link to worm its way inside a network. Through the backdoor access it gains, a phishing attack can do anything from affecting an individual workstation to siphoning off financial information from within the secured server. In order to prevent a phishing attack, it is necessary to identify the security weaknesses and put in place different methods to prevent and protect against such attacks.
What is a Phishing Attack
A phishing attack, also known as a phishing scam, is a means by which an individual is tricked into providing information, granting access or offering up other data the creator of the scam is looking for. Oftentimes, a phishing attack is not directed at one person specifically. It is a widely released scam, designed to obtain financial data from individuals. These attacks can target internal network emails, but the real threat to a business is the phishing attack designed specifically for siphoning information out of the enterprise. The delivery method may remain the same, but the priority of the attack differs. Whereas an individual attack may look for financial information (such as credit card numbers) from a sole user, a phishing attack carried out on a corporation is likely seeking internal access to the network in order to send back extensive financial records (from vendor payment methods to the personal records of customers).
Phishing scams in general are not as sophisticated as other malware attacks. With other malware and external threats, a cyber criminal probes the security defenses of a network in order to identify weak links. When an access point is discovered, information is withdrawn from the network, or malware is installed within the network, often a small amount of code at a time, in order to avoid detection. Other attacks use a completely different tactic, sending overwhelming barrages of instructions to hardware within a server, designed to completely bog down the network. This can take security resources away from other points within the infrastructure as the IT cyber team works to correct the faulty commands, which in turn may provide a window of opportunity to briefly gain access to the network. These methods are all complex in nature and require extensive programming skills to pull off. A phishing scam, though, can be designed by nearly anyone. Phishing attack kits are available online that allow less skilled cyber criminals to build their own scamming attempts without extensive knowledge (Indiana University: Knowledge Base, 2017).
Phishing Scam Targets
In the world of phishing scams, humans are the weakest link. Employees, ranging from entry-level interns to members of the Board of Directors, are typically the gateway through which a phishing scam gains access. It works as a modernized, Internet-based "Trojan Horse" tactic. Typically, a phishing attack disguises itself as an email. The message may look nearly identical to messages sent out by PayPal, Google, Apple, Amazon or other major companies, which increases the chance that an individual will click on the provided link or send the requested information to the false sender of the email. Essentially, employees are tricked into opening the gates for a major, internal threat (this topic is covered extensively in a previous post, so for a wider breadth of insights regarding employees as phishing scam targets, see the previous post) (Computer Weekly, 2017).
The Best Ways to Protect Against Phishing Scams
To completely eliminate the threat of a phishing attack, a company network would need to either completely eliminate human workers or cut off all access to the Internet. As neither of these methods is realistically possible, and skilled hackers would find a way around this situation as well, other protocols must be enacted to provide the highest level of security against these potential threats.
Some security measures a company needs to implement to prevent and protect against phishing attacks include:
- Stay current with updates
- Update spam settings
- Educate employees
- Remove local workstation control
- Prevent access to non-approved websites
Stay Current With Updates
Staying current with system updates cuts down on a variety of external threats. This includes everything from a DDoS to phishing attacks. The IT department needs to ensure all software, hardware and system updates are installed promptly. Failure to do so leaves an entire system exposed. With regard to phishing attacks, it may leave windows open in spam settings, allowing additional threats to appear in an employee's work email.
Update Spam Settings
Spam settings need to be continually updated. As phishing emails become more and more complex, these messages can find a way past older spam settings. As is the case with anti-virus and malware protection, the spam settings need to receive updates to properly protect a user. While it is the user's responsibility to avoid opening and accessing these messages, the fewer such messages that enter an inbox, the fewer the chances of accidentally granting access to an attack.
Educate Employees
An employee needs to know how to distinguish a phishing scam message from an authentic message. As most phishing attacks now come in the form of replicating a professional company's email, it isn't always possible to do so from the title or context alone. Looking at the sending email address is often the best way to identify whether a message came from an authentic company or a scammer (USA Today, 2016).
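The sender-address check described above can also be applied automatically to incoming mail. The following Python is an added example, not part of the original article; the brand-to-domain map, the function names and the sample headers are constructed assumptions.

```python
from email.utils import parseaddr

# Assumption: illustrative map of brand name -> domains it really sends from.
BRAND_DOMAINS = {
    "paypal": {"paypal.com"},
    "google": {"google.com"},
    "apple": {"apple.com"},
    "amazon": {"amazon.com"},
}

def is_legit(domain, legit):
    """True if domain is a listed domain or a true subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in legit)

def edit_distance(a, b):
    """Levenshtein distance, used to spot one-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Return (verdict, reason) for the raw value of a From: header."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return "suspicious", "no parsable sender address"
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    labels = domain.split(".")
    for brand, legit in BRAND_DOMAINS.items():
        if is_legit(domain, legit):
            continue
        # Brand named in the display name or buried in the domain,
        # but the mail does not come from that brand's own domain.
        if brand in display.lower() or brand in domain:
            return "suspicious", f"names {brand} but is sent from {domain}"
        # A label one edit away from the brand, e.g. "paypa1".
        if any(edit_distance(label, brand) == 1 for label in labels):
            return "suspicious", f"{domain} is a lookalike of {brand}"
    if any(is_legit(domain, legit) for legit in BRAND_DOMAINS.values()):
        return "ok", f"sent from listed domain {domain}"
    return "unknown", "no listed brand referenced"

# Constructed sample headers (reserved .example domains for the fakes).
SAMPLES = [
    '"PayPal Service" <service@paypal.com>',
    '"PayPal Support" <support@secure-login.example>',
    "billing@paypa1.example",
    '"Amazon" <orders@amazon.com.account-verify.example>',
]
```

The From header itself can be forged, so a check like this complements SPF, DKIM and DMARC validation rather than replacing it.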
Remove Local Workstation Control
By removing local control over a workstation, employees are not able to adjust security settings. This means if websites, applications or services are blocked on the computer, they are not able to override the settings.
Prevent Access to Non-Approved Websites
Blocking access to non-approved websites offers a valuable method of reducing phishing scam attacks. This prevents an employee from opening personal emails or visiting potentially dangerous websites. These security measures can also blanket cover Wi-Fi connected devices, including smartphones and tablets. If an employee needs to check a personal account, they will need to disconnect from the corporate network. Blanket covering mobile devices and IoT hardware prevents phishing scams from slipping through employees' personal devices connected to the network via a wireless signal.
Phishing attacks are often simplistic in nature, yet are some of the most successful attacks on a network. By both educating staff on the dangers of phishing attacks and removing possible access points made available by employees, it is possible to prevent and protect against a phishing attack. As these attacks typically succeed due to human error, cutting down on human interaction with a phishing attack will improve safety and reduce the potential of coming under attack from malware that has wormed its way into a network via an infected email or embedded link.