According to the Australian Cyber Security Centre’s 2022 report the two biggest types of scams hitting Aussie businesses are phishing scams (44,084 in 2021-22, up by 75%) and business email compromise scams costing $98 million in losses in 2022. Here’s some information about what these scams are, how they work, and the best tools for protecting your business.
What are phishing attacks?
A phishing attack is one where hackers use emails, websites, text messages or other similar media pretending to be someone they’re not. The message will prompt you to download software, click on a link, put in your details, or perform another action – and when you do, the hackers steal your credit card, login details, or other valuable information.
These attacks use social engineering to get the job done. This means that they pose as someone legitimate or a legitimate organisation and put pressure on you to take a certain action. They may, for example, tell you your account has been compromised and you urgently need to change your password and login information. Or they can tell you you’ve won something or that someone you know is in trouble and requesting money.
What are business email compromise attacks?
This is a type of phishing attack that is directed specifically at a business rather than an individual and takes place through email. The hacker may assume the identity of a CEO or executive at your company, lawyer, or HR person. They usually use a sense of urgency or even threats to get you to make a payment to a fake vendor, pretend to be a supplier needing a fund transfer, or try to get HR personnel to send them employee information.
If a third party your organisation has been hacked, they may send you malicious links or fraudulent invoices. This is very difficult to detect as the requests will come from a known, legitimate sender and can contain ransomware – a form of malware that locks you out of your system, which has risen by nearly 500% since the pandemic.
How to protect your business
Two main areas of your business that are most vulnerable to attacks are your email systems and your cloud solution. Here are the best tools for protection against hackers.
- Microsoft Defender for Office 365
Defender is great because it is very good at detecting and eliminating email threats before they even reach the user. It also has outbound scanning to protect your contacts in the event your email has been compromised. In addition, it contains anti-spam and virus protection, anti-phishing, and anti-spoofing protection. Finally, it secures you by comparing email URLs against blackhole lists (addresses associated with hackers) in real-time.
This is a very easy email security tool to use and has a dedicated layer for Microsoft users as well as being applicable to all types of email server. It has strong anti-virus protection as well as zero-day attack defences (vulnerabilities that have not yet been identified or patched). The program inspects all URLs for legitimacy and offers a time-of-click analysis feature to detect redirects.
This is very similar to Microsoft Defender, with powerful imposter, phishing, and email fraud protection. It has a useful smart search feature to trace incoming and outgoing emails, good control of what you can do with unwanted emails and is helpful at identifying graymail (when the system is unsure if the email is spam or not).
For the cloud
- Cloudflare Web Application Firewall
Cloudflare is very easy to install (doesn’t require additional hardware or software), offers customisable firewall rules (we recommend getting help from a cybersecurity team for this), and gets updated in real time. It’s also very privacy-focussed, as it is against the gathering and storage of data.
- Zero Spam
Fully-integrated with Office 365, this is a great option for Microsoft users. Your cybersecurity team can custom configure and filer user access and what they can access, and it has a WordPress plugin too for your website. It also has a very strong anti-phishing security layer.
- Cloudstrike Falcon
Using AI and machine learning, this program detects and prevents cloud-based attacks. This includes behavioural profiling (useful for internal and external threats), custom blocking (whitelist and blacklist capabilities) and security workflow automation. It is lightweight and can be used for threat prevention, detection, and incident response.
Make your cybersecurity our problem
At Otto, we’re all about the human side of tech – using proven, mature tech solutions to ultimately provide the best support and cybersecurity to your most important assets – your staff and customers. With our cybersecurity solutions and consulting services, it’s easier to secure your data, respond quickly to threats, and recover if an attack occurs. We’ll have your back, whatever your industry or the size of your business.
Call our cybersecurity consulting team today for a no-obligation chat.