Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Outbound threats cause a continuous headache for IT professionals. There’s so much variety in type and risk level, and prioritizing what to be most concerned about is a challenge. Plus, risks have ramped up in recent years due to the rise in home working, flexible working, and BYOD, making the landscape more complex. It’s easy to be concerned about whether you have the right tools in place to deal with the multitude of cybersecurity risks out there.

Hackers use many tools at each stage of an attack. These tools are often readily available online, both free of charge and to buy, and easy to use for non-technical cybercriminals. Understanding a hacker’s tools and tactics is essential for cyber security practitioners and vendors aiming to build effective defenses and stay one step ahead of a quickly evolving host of cyber threats.

We talk extensively about the impact of inbound cybersecurity attacks and the devastation they can cause, but what about outbound data loss? According to an IBM study, human error is the leading cause of 95% of cybersecurity breaches. That means 19 in 20 breaches could be avoided entirely if not for a person introducing risk either through human error, deliberately breaking security protocol, or malicious behavior.

Kroll has observed an increase in two social engineering tactics known as “vishing” and “smishing.” These tactics use phone calls, voice altering software, text messages and other tools to try to defraud unsuspecting people of valuable personal information such as passwords and bank account details for financial gain. These types of attacks use similar techniques to the common infection vector, phishing.

With how much of our personal and professional lives take place online, it becomes more important each day for us to understand our vulnerability to cyberattacks. Cybercriminals target emails, domains, and accounts in order to impersonate identities and scam consumers and businesses alike. In 2021 alone, email spoofing and phishing increased by 220% and caused $44 million in losses. It is crucial to employ defenses to protect against these attacks.

Industry analyst Gartner recently published their 2022 report on the state of the DLP market. They consider DLP a mature technology but do talk to the emergence of next generation data security tools for insider risk management and cloud use cases. The enterprise DLP (EDLP) market is growing at around 6.6%.

A few months ago, we reported on an interesting site called the Chameleon Phishing Page. These websites have the capability to change their background and logo depending on the user’s domain. The phishing site is stored in IPFS (InterPlanetary File System) and after reviewing the URLs used by the attacker, we noticed an increasing number of phishing emails containing IPFS URLs as their payload.

While cybersecurity risks are similar across the board for any IT leader, it's down to each CISO to decide what takes priority. Before doing that, they need to assess the risks and plan accordingly for them. Unfortunately, many businesses don't do this. A 2022 UpCity study – the Small Business Cybersecurity Survey Investigations Report – found that only 50% of SMBs have a cybersecurity plan.

As businesses continue to adopt cloud integration and remote work increases, security teams are facing more visibility challenges as well as an influx of security event data. There is more need to understand the threats than ever before, as the threat surface area increases, and tactics increase. Cyber threats are becoming more sophisticated and occurring more frequently, forcing organizations to rely on quality threat detection to protect their data, employees, and reputation.

Our research has revealed that 80% of security professionals have experienced increased security threats since shifting to remote work. To stay protected against attacks and reduce the chances of losing significant amounts of money, putting their users at risk, or destroying their reputation, organizations must do more to innovate against email risks. In our most recent report, Cybersecurity experts' views on email risk within Microsoft 365, we identify many of the risks Microsoft 365 users face.