According to www.ncsc.gov.uk, the UK has today (Thursday 26th January 2023) warned of the threat from targeted spear-phishing campaigns against organisations and individuals carried out by cyber actors based in Russia and Iran.
What is spear-phishing?
Spear-phishing is where the phisher has targeted a specific person or organisation and has spent time to create an email containing enough accurate information to make them click. You may also hear the term whaling, which is a type of spear-phishing that targets a 'big phish', typically business directors, board members or those with access to information that would be tempting to a phisher.
How can you defend against a spear phishing attack?
The National Cyber Security Centre recommends a multilayer approach to defending against phishing attacks, including spear phishing. Rather than relying solely on users ability to spot phishing emails, they suggest that technical measures should also be included.
They split their recommended defences into four layers:
- Make it difficult for attackers to reach your users
- Help users identify and report suspected phishing emails
- Protect your organisation from the effects of undetected phishing emails
- Respond quickly to incidents
How can IT3000 help you?
We can help with:
- Configuring multi factor authentication
- Backup and disaster recovery services
- End user education
- Vulnerability and security scans
- Email filtering
If you would like advice on how to implement a multilayered approach to prevent phishing impacting your business, please contact us today and our helpful team will be more than happy to talk you through the various options available to your business.