We discuss key actions that will enable you to protect your company against phishing attacks in China and across Asia.
Phishing email attacks has become a major cause of data breaches and is one of the most dangerous security threats to companies. A white paper published by the Security of China Corporate Mailbox stated that 34.43 billion phishing mails were received in 2019, showing an increase of 68.5 percent compared to 2018. In another report, by the US Federal Bureau of Investigation (FBI), it was stated that between June 2016 and July 2019, companies across the United States and 177 other countries suffered over US$26 billion worth of losses.
During COVID-19, many companies have turned to remote work arrangements, and now more than ever, rely heavily on email communication. As the opportunities for attacks grow larger, traditional phishing emails (sent to a large group of random recipients) have given way to more sophisticated attacks, such as spear phishing, or whaling specific targets.
With 30 percent of phishing emails able to bypass default security measures and another 30 percent of them being opened by target users, what can you do to keep your company protected? In this article, we will introduce the basic characteristics of phishing emails and the risks they pose as well as provide some effective solutions to secure against phishing emails and reduce the related risks to companies.
Phishing is a popular method for cyber attackers used to deliver malware or steal user’s login credential by encouraging victims to open one malicious attachment or visit a link that will secretly install the malicious payload or steal login user name and password or other sensitive info, which is usually the starting point for further attacks or cyber intrusions. The sender of a phishing email typically poses as a reputable business or known person to get the recipient to click on a link or open an attachment.
Phishing schemes are typically mass mailings to non-specific targets but there are other types of phishing mails that are sent to specific or selected targets, such as spear phishing and whaling (also named CEO fraud). Spear phishing means the cyber attacker might do a little research and find out specific information about the target, from the company website, social media, financial reports, or other public information on the internet, then customize an email, and make it appear more legitimate to the selected specific target. Similarly, whaling is a form of spear phishing aimed at “whales” at the top of the food chain. Whaling targets include the CEO, CFO, and other senior executives and this kind of attack is a big project for cyber attackers as it is planned over a period of time – it could be months before the cyber attacker launches the “last step of attack”. Not surprisingly, the damage caused by whaling is much larger than the loss caused by general phishing email attacks.
In general, phishing mail attacks trigger the below mentioned security risks:
Before figuring out the solutions to combat phishing email attacks, there are several questions that a company should ask of its staff:
The answers to those questions are relevant to the company’s capability to detect the possible security threats and identify the most vulnerable staff to phishing email attacks. The company cannot work out the corresponding solution to prevent or reduce the risks caused by phishing mails without these answers.
Finally, we believe that the below three important actions will help your company increase its data security and protect itself against phishing attacks in China and across Asia.
The ability to detect and isolate malicious phishing email is a big challenge on both the technical and management side; however, a business-class email service system with embedded advance security features to protect against the phishing mails will be helpful. For example, Microsoft Defender for Office 365 (previously named Office 365 Advanced Threat Protection) can provide an additional layer of protection for email attachments or links inside the mail, via its “safe attachments” and “safe link” features. The Defender will scan the link and determine whether it is safe or not before redirecting the user to the real website once the user clicks the link inside the mail, and blocks the access with alert to the user if it is a known malicious link.
Similarly, the Safe Attachment feature scans the attachment of the email first, and if malware is confirmed, the attachment will be replaced with a notice to the user.
IAM is a framework of polices and tools used by the IT department to ensure that employees have the appropriate level of access to the company’s assets. The IAM usually includes the following four main features:
As the core components of IAM, multiple factor authentication (MFA) and real-time abnormal logon activity detection are very important and would be the most effective options against phishing email attacks. We provide more details below.
Most MFA is based on the combination of below three types of information for authentication:
Passwords can be easily compromised and one of the main purposes of phishing emails is to steal a user’s login credentials by luring them to log onto a fake website. The deployment of MFA will prevent the attacker from entering a system with a stolen user name and password as their attempt to gain access to a compromised account will be thwarted at the second-factor verification stage.
It is important that your IT team be alerted to suspicious sign-in activity in real-time to respond to a possible cyber security breach ASAP and mitigate security risks. This feature allows the IT staff to track the suspicious activity and alert the original user to reset their password.
AI-based user activity analysis of the IAM platform can evaluate risks based on user log-on locations, IP, device status, accounting status, behavior, and other factors, and then flag any suspicious behavior for your IT team.
For example, the Microsoft 365 platform can ensure the real-time monitoring of all user access activities and AI-based analysis to detect any risky activity and then alert IT staff (such as by sending an email alert showing performance of predefined security control action).
IT admin can further drill down the activity log info and check the activity details to identify the abnormal event, such as the user submitted the correct user name and password but failed to pass the MFA verification from an unusual location:
Being the end-users for phishing emails, employees are a company’s last line of defense against a security attack.
It is vital that employees receive proper training on how to recognize and react to such emails. Having a good awareness and familiarity with the patterns of phishing emails will enable them to protect their (and your company’s) security. Meanwhile, company should also be able to identify the most vulnerable staff and provide corresponding training in addition to general organization-level training program. One good security awareness training program will be vital for meeting above expectations. As the partner of KnowBe4, we believe its Security Awareness Training Service will bring benefits to increase staff security awareness. KnowBe4 specializes in educating employees about the mechanisms of spam, phishing, malware, etc. and making sure they can apply that knowledge in their daily tasks. Their baseline testing, which sends out sophisticated “fake” phishing emails, enables you to see how “phish-prone” your staff is before any real damage occurs.
China Briefing is written and produced by Dezan Shira & Associates. The practice assists foreign investors into China and has done so since 1992 through offices in Beijing, Tianjin, Dalian, Qingdao, Shanghai, Hangzhou, Ningbo, Suzhou, Guangzhou, Dongguan, Zhongshan, Shenzhen, and Hong Kong. Please contact the firm for assistance in China at email@example.com.
We also maintain offices assisting foreign investors in Vietnam, Indonesia, Singapore, The Philippines, Malaysia, Thailand, United States, and Italy, in addition to our practices in India and Russia and our trade research facilities along the Belt & Road Initiative.
Previous Article « China’s 2021 Holiday Schedule
Next Article China’s Patent Law Reviewed: Five Major Amendments »
Dezan Shira & Associates´ brochure offers a comprehensive overview of the services provided by the firm. With...
The year 2020 challenged businesses around the world with the early breakout of the pandemic. Companies around...
Most businesses with experience in China are accustomed to the complex, paper-intensive, and laborious manual ...
Businesses across China were disrupted early this year due to the novel Covid-19 outbreak. The nature of this ...
Dezan Shira & Associates helps
businesses establish, maintain,
and grow their operations.
Stay Ahead of the curve in Emerging Asia. Our subscription service offers regular regulatory updates,
including the most recent legal, tax and accounting changes that affect your business.