In this article, Gavin Wood, CTO at Chess, covers:

The hybrid workplace and the rise of phishing

Businesses depend on email, and regardless of whether you love it or hate it, it’s here to stay. Even with the seemingly unstoppable rise of Teams/Zoom (other collaboration tools are available), email remains the primary business communication tool in most organisations. Cybercriminals are fully aware of this and are able to use email as a gateway into a business. This is known as Phishing.

Today, I will deep dive into what Phishing is and how you can ensure you and your business are better protected.

What is Phishing?

Phishing is a type of social engineering attack, where an attacker sends a fraudulent email to a victim with the aim of triggering a response, such as revealing sensitive information, triggering a malicious payload such as ransomware, or even voluntarily transferring funds to the attacker’s account.

There are several types of Phishing: 

Bulk Phishing: Bulk sending emails that are not personalised or targeted. A spray and pray approach.

Spear Phishing: Directly targeting a person or business through personalisation of the email message and content, with the aim of increasing the effectiveness of the attack. The attacker may be looking for the credentials of someone with poorly configured privileges, such as domain admin. 

Whaling: Spear Phishing that targets the senior/executive team or other high-value targets within a business.

CEO Fraud: The opposite of Whaling: a Spear Phishing email that appears to come from the CEO is sent to someone in the business, with the aim of getting that person to do as asked.

 

How a shift to a hybrid workplace has impacted attacks

So why has the shift to hybrid working been the focus for cybercriminals?

One of the main factors is the global COVID pandemic, which forced businesses to adopt new ways of working very quickly. This rapid transition to new technologies led to many businesses not fully assessing the impact, especially on IT security. For example, has your new hybrid working model been through the same level of security sign-off as your previous office-centric approach? Have you tested this new setup with an independent third party to verify your security assumptions? These scenarios and security stages were evidently missed, in large part due to the speed of transition.

Secondly, cyber attackers are capitalising on people. No matter what technical controls are in place, the human element cannot be underestimated. According to Tessian, 43% of people admitted to making a mistake at work that had security repercussions. Phishing works because people can be hacked. Hackers take advantage of our natural psychological tendencies to trick us into behaviours that allow them to be successful.

The new hybrid working approach is a factor in this. Remote working, for all its advantages, can bring new stressful elements, such as household distractions like childcare. Being “always available” can make us more vulnerable to clicking that email. Tessian reported that 57% of their survey respondents feel more distracted when working from home.




So what can be done to help halt the rise of Phishing? 

I don’t think anything we can do will stop criminals; it’s just too easy and profitable for them to stop. The main way to combat attacks is to have a strong set of technical controls in place to remove the possibilities of a Phishing email reaching a person’s inbox.

Adopting a layered approach to security is useful in ensuring you're protected. Filter the mail using a trusted provider before it even hits your infrastructure and have appropriate filtering rules in place for your mail processing system. Also make sure that DKIM, SPF, and DMARC configurations are in place and working correctly.

Ultimately, use an industry leader in endpoint technologies that can block any threats that do make it through! Test your defences and use a trusted provider to assess your security. 

Finally, and most importantly, educate your people. If Phishing works because it takes advantage of our behaviour, train your people to be aware and know what action to take if they suspect they are being Phished. 



Gavin Wood

Gavin Wood is the Chief Technology Officer at Chess. With over 20 years in the IT industry, Gavin has a track record of driving successful business transformation through technology. An avid yachtsman, he's a massive advocate for remote working and anywhere operations. 

