With the acceleration of cloud migration in the wake of COVID-19, cyber attackers are rapidly adapting their phishing tactics to take advantage of this new business environment. And while many tech-savvy workers know what a traditional phishing scam looks like, they may not be as vigilant when working in a remote cloud environment.
Several organisations have sounded the alarm about remote working and cybersecurity:
- McKinsey warned in July 2020 that organisations must urgently shift their cybersecurity priorities (and spending) towards establishing secure connections for remote workers.
- Deloitte reported on a spike in phishing, malware and ransomware attacks from cybercriminals trying to capitalise on COVID-19 fears.
- The Australian Government’s Annual Cyber Threat Report noted that “malicious cyber activity against Australia’s national and economic interests is increasing in frequency, scale, and sophistication”.
Why phishers are doubling down on email scams
In terms of phishing scams, email is by far the most popular method of attack, because no matter how sophisticated a company’s cybersecurity measures are, it can be difficult to guard against humans clicking on something they shouldn’t.
Additionally, 81% of organisations surveyed by Mimecast revealed that remote working has led to sharp growth in the number of emails sent, despite the increasing popularity of collaborative platforms. The risk is that as companies transition to the cloud, workers also must adapt to new ways of working, and this can lead them to take cybersecurity for granted and be less alert to email scams.
What does a cloud environment phishing scam look like?
A typical phishing scam in a cloud environment involves a cyber attacker impersonating a company to invite the victim to view a document on a cloud-sharing service such as Microsoft OneDrive or SharePoint. The victim is then directed to a log-in page (which looks like the typical log-in process they would go through several times a week), where they enter their username and password.
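As an added illustration (not part of the original article), the following Python check flags the lure pattern just described: a link that presents itself as a OneDrive or SharePoint document share but actually resolves to a host outside an allowlist of Microsoft domains. The allowlist, the lure wording and the sample email are assumptions constructed for this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts that legitimately serve OneDrive/SharePoint share links. This allowlist is
# an assumption for the example; add your tenant's own custom domains in practice.
TRUSTED_SUFFIXES = ("sharepoint.com", "onedrive.live.com", "1drv.ms", "microsoft.com")
# Wording a document-share lure typically uses in the link text or in the URL itself.
LURE_WORDS = re.compile(r"onedrive|sharepoint|shared a (document|file)|view (the |this )?document", re.I)

class LinkExtractor(HTMLParser):
    """Collect (anchor text, href) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []
    def handle_data(self, data):
        if self._href is not None:          # only collect text inside an <a>
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_is_trusted(url):
    """True only if the host is a trusted domain or a subdomain of one.
    Suffix matching defeats lookalikes such as sharepoint.com.evil.example."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def find_cloud_share_lures(html_body):
    """Return links presented as a OneDrive/SharePoint document share (in the
    anchor text or in the URL) whose real destination is not a trusted host."""
    parser = LinkExtractor()
    parser.feed(html_body)
    return [(text, href) for text, href in parser.links
            if (LURE_WORDS.search(text) or LURE_WORDS.search(href))
            and not host_is_trusted(href)]

# Constructed sample message: one lure, one genuine share link, one unrelated link.
SAMPLE_EMAIL = """<p>Hi, Finance shared a document with you on OneDrive.</p>
<a href="https://onedrive-secure-login.example.net/auth">Open in OneDrive</a>
<a href="https://contoso.sharepoint.com/sites/finance/Q3.xlsx">Q3 report</a>
<a href="https://example.net/unsubscribe">Unsubscribe</a>"""
```

Running `find_cloud_share_lures(SAMPLE_EMAIL)` returns only the first link, because the genuine SharePoint link passes the host check and the unsubscribe link carries no share wording.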
From there, common types of attacks include malware, ransomware attacks, data theft, and business email compromise (BEC), where attackers impersonate a company to defraud other parties. According to Mimecast’s research, 6 in 10 companies were disrupted by a ransomware attack in 2020 and 5 in 10 reported an increase in business email compromise attacks.
While collaboration tools such as MS Teams and Slack are a popular alternative to traditional email, security experts are concerned that successful phishing attacks would give cyber attackers access to a wealth of information saved in archived chats on these platforms.
Remote working and human error
Since the onset of COVID-19, employees around the globe have been clicking on malicious URLs in emails three times as often as they did before. There are several reasons why remote workers are more likely to click on a malicious link.
- Attacks have increased: Mimecast reported a 64% rise in threat volume from 2019 to 2020 as cyber attackers preyed on remote teams.
- Preying on fear: Phishing emails that claim to be from health authorities or government bodies with information about COVID-19 have been particularly effective.
- Lack of supervision: Employees who might usually check with a supervisor or with a colleague at the next desk before clicking on something in an office environment cannot do so as easily in a remote setting.
- Household distractions: Employees who are having difficulty adjusting to remote working or are diverted by distractions such as children and pets may be less vigilant when clicking on an emailed link.
- Lack of cybersecurity awareness: Mimecast revealed that despite 43% of companies citing employee naiveté about cybersecurity as one of their greatest vulnerabilities, only 1 in 5 companies provide ongoing cyber awareness training.
- Poor password practices: 70% of surveyed organisations believe poor password hygiene among employees is putting their company at risk.
How to combat cloud-borne phishing attacks
Companies should take a layered approach to combat phishing and lower the risk of data breaches and other malicious attacks.
- Implement a cyber resilience strategy: Not having a strategy in place will hinder your organisation’s ability to quickly respond and recover from an attack.
- Invest in ongoing cybersecurity awareness training: While most organisations include cyber awareness training in their employee onboarding programs, it is crucial to make this training ongoing. Cyber threats are constantly evolving, which means training programs need to keep pace: for example, employees should be trained to change their passwords regularly and to recognise what a typical attack in a cloud environment looks like.
- Implement an appropriate email security system: Best-practice email security involves monitoring internal email threats, outbound email threats, protecting against data exfiltration, and removing malicious emails already in user inboxes.
- Consider investing in AI and machine-learning: 38% of organisations are bolstering security with AI and machine learning tools that learn and adapt to evolving threats. However, organisations should beware of solutions that claim to be a “silver bullet” for preventing cyberattacks.
- Test the team regularly: Send the team fake phishing attacks to discover what percentage of workers click on links that they shouldn’t. This will enable you to gauge the effectiveness of your awareness training and launch targeted training for those who clicked.