The perpetrators of cyber-attacks are increasingly becoming more sophisticated in their approaches to ensure they get past modern email security solutions.
In an exclusive interview during GITEX Technology Week 2019 earlier this month, Yazan Hammoudah, Systems Engineering Director, MEA, FireEye, highlighted the company’s latest email threat report and urged organisations to be security-focused when adopting advanced technologies.
FireEye’s latest email threat update has revealed a number of key findings. One of the major issues is that attackers are exploiting cloud services and getting ahead of it. More and more cyber criminals are deploying phishing attacks and some common tactics include hosting Microsoft-themed phishing pages with Microsoft Azure, nesting embedded phish URLs in documents hosted on popular file sharing services, as well as establishing phishing URL redirects on popular email delivery platforms.
Another key finding is that Microsoft continues to be the most popular brand used in phishing lures.
And the third key discovery is that verticals such as entertainment, media and hospitality are the most targeted segments. Other highly targeted verticals for email-based attacks include manufacturing, service providers, telecom, state & local government, services/consulting, and insurance.
In light of these findings, Hammoudah said, “Many companies have begun to adopt advanced technologies such as IoT, AI, blockchain and 5G. However, it is important for customers to onboard these technologies in the most secure way. At FireEye, we are providing customers with the right technologies to safeguard their mission-critical assets. Technology by itself is no longer sufficient, we need to provide the right expertise and threat intelligence.”
He reiterated that the three pillars – technology, threat intelligence and expertise – are the vital components customers have to focus on to ensure that they adopt new technologies securely.
According to Hammoudah, out of these three pillars, investing in people in terms of training is a crucial aspect for organisations.
He said, “Investing in employees should be also about making sure non-IT users are aware of security incidents happening across the globe. At the end of the day, an entire organisation can be easily breached because of even one user clicking on an attachment.
“At FireEye, we offer pioneering solutions and give the right attention to users and processes to ensure they are up to date based on the latest attacks taking place in the world.”
He urged CIOs to select the right vendors who can help them make their organisations most resilient against evolving threat factors.
Discussion about this post