iNews Vol - 154

#CMOInsights – Who’s Phishing in your Pond?

Phishing attacks continue to be a major cybersecurity challenge for organizations in India. These deceptive attempts to steal sensitive information like login credentials and financial data have caused significant losses for businesses and individuals alike.

At the heart of phishing is social engineering - the manipulation of human psychology to breach security protocols. Cybercriminals craft legitimate-looking emails, texts, or websites to lure unsuspecting victims into divulging private information or clicking malicious links. As we increasingly rely on digital systems, the potential attack surface for phishers expands.

The 2024 Data Breach Investigations Report from Verizon highlights that Indian employees remain susceptible, frequently falling for phishing lures that impersonate trusted sources. However, there are encouraging signs - around 20% of users now proactively identify and report suspected phishing attempts during security tests.

To effectively combat phishing, a multi-layered approach combining technological solutions and human awareness is key:

• Robust email filtering and web security gateways to detect and block phishing attempts before they reach employees.
• Regular security awareness training to educate staff on identifying phishing red flags like urgent language, misspelled domains, etc.
• Multi-factor authentication to prevent account takeovers even if credentials are compromised.
• Prompt software patching to close vulnerabilities that enable phishing exploits.
• Established incident response protocols to contain any successful phishing breaches quickly.

Phishing is a persistent threat that won't disappear anytime soon. By implementing a comprehensive anti-phishing strategy focused on people, processes, and technology, organizations can significantly reduce this risk to their data and reputation.

You can read more about Phishing from our latest blogs:

• Understanding phishing attacks and how phishing-resistant MFA can help

• Phishing & Quishing: How to protect our organization

Cyber attacks surge globally in Q1 2024, India among most targeted nation: Report

In Q1 2024, cyber threats escalated globally, with India targeted by 2,807 weekly attacks.

MoD contractor hacked by China failed to report breach for months

Defence ministry was told in recent days that staff details accessed but sources say SSCL knew in February.

64% firms report ransomware attacks in India; 65% opt to pay ransom: Report

A report by Sophos found that 65% of those hit by ransomware were inclined to pay the ransom to recover the data with the average cost for data being $1.35 million

UK armed forces’ personal data hacked in MoD breach

Defence secretary to address MPs after names and bank details of armed forces members targeted by unnamed attacker

Nissan reveals ransomware attack exposed 53,000 workers' social security numbers

Nissan North America has revealed that extortionists who demanded a ransom after breaking into its external VPN.

Boeing refused to pay $200 million ransomware demand from LockBit gang

Boeing has confirmed that it received a demand for a massive $200 million after a ransomware attack by the notorious LockBit hacking group in October 2023.

US brothers arrested for stealing $25m in crypto in just 12 seconds

Two brothers who studied at one of the most prestigious universities in the US have been charged with stealing $25m (￡20m) in cryptocurrency in 12 seconds.

Australia's Iress says OneVue platform exposed to data breach

Australia's Iress Ltd said on Wednesday a stolen credential from its third-party user space was used to gain access to client data

Want to see your story featured in our newsletter? Have a specific topic you'd like us to cover? Let us know in the comments, and don't forget to like and share with your friends! Until next week!