Employees can help prevent phishing attacks, say BlackBerry

BlackBerry’s Vice President - UKI, Middle East & Africa, Keiron Holyome, says that the whole organisation needs to unite against the phishing threat

To preview our feature in Cyber Magazine, which will be a special feature titled ‘The dark side of remote working,’ Blackberry, the mobile pioneer-turned cybersecurity specialists, have got in touch to discuss remote security and how phishing targets remote workers specifically.

Keiron Holyome, BlackBerry’s VP - UKI, Middle East & Africa, shares his thoughts…

Kieron Holyome

How is phishing an issue for remote workers?

“Phishing criminals are constantly looking for methods to increase their profits. They haven’t missed a beat since opportunities surfaced from increased remote working. Spear phishing was a major problem before the pandemic, but it continues to account for most breaches today. There was an US$1.07M increase in breach costs (from US$3.89M to US$4.96M) specifically when remote work was a factor. Not only did these attacks result in huge costs, but it also took 58 days longer to identify and contain a breach when 50% or more of employees work remotely. With many employees still working from home indefinitely, a long term solution to securing home workers must be found.”   

What examples has BlackBerry seen of a phishing attack?

“Phishing criminals are aware that one way to achieve increased profits is by better personalising the email bait to appeal to the target receiver. For example, BlackBerry discovered that the Chinese cyber espionage group, APT41 had been preying on victims in India with a purportedly state-sponsored operation that capitalised on people's expectations for a quick end to the pandemic by the end of 2021. The user's servers, business emails, and other accounts would have all been compromised if these hackers were able to do so. 

Even though phishing is outdated, it still poses a serious danger to organisations in the light of remote working. Campaigns, often known as the "spray-and-pray" strategy, can be profitable for hackers even if only a tiny fraction of the many messages sent are successful in reaching their recipient. On the other hand, spear phishing, which refers to tailoring and customising an attack to a particular person, group, or organisation, is a more specialised variation of this strategy.”

What can businesses do to counter the cyber threat?

“It's getting harder and harder for regular users to recognise targeted phishing emails and spear phishing attacks. This means that when employees are working from home or outside the office, they must be extra vigilant, working with their employer to defend effectively against phishing. Employees are essential in preventing phishing attacks by adhering to security policies, making ensuring all of their devices are secured by security software, and immediately installing automatic updates. Employers may increase employee knowledge of phishing by providing regular staff training as well as endpoint security measures for both company-owned and employee-owned devices that can be used both online and offline.” 

Share

Featured Articles

Trailblazer - Zendesk CTO, Matthias Goehler

As CTO EMEA at Zendesk, Matthias Goehler uses innovation to tackle future challenges. He shares more on Zendesk’s quest to understand their customers

What makes a great working culture?

In the era of The Great Resignation, what does it take to build a culture that retains staff? And is it simply a case of great ESAT scores?

‘It’s the era of no-code,’ says Smartsheet CEO

Mark Mader, CEO at Smartsheet, spoke to Technology Magazine about the notion of the empowered employee and spreading innovation around the business

Exec Q&A with Steve Neat, GM EMEA, Alation Inc.

Data & Data Analytics

Google Cloud technology to play a part in Women’s EURO Final

Data & Data Analytics

Who will be the winners and losers in Techno-nationalism?

IT Procurement