The following is an excerpt from Duo’s latest guide - Phishing: A Modern Guide to an Age-Old Problem.
Phishing the New Enterprise
Organizations comprise people, and those people’s behaviors are driving change at the consumer level and at the enterprise level.
They use smartphones, tablets, smartwatches and more to meld work and personal computing. They’re increasingly remote, distributed and working odd hours, from different locations – communication, data and apps are expected to be available, on demand.
As a result, staying competitive in today’s market demands business agility and adaptation, along with development and support for the technology that enables it: cloud computing, web applications, mobile and connected devices.
Yet, it’s so easy to exploit this new enterprise model for malicious gain. Phishing is a low-effort, successful method for attackers seeking unauthorized access to your organization’s data.
With a password, it’s trivial for an attacker to gain remote access to your company’s network, where they can move laterally, undetected and undeterred. This type of attack bypasses traditional security measures (like firewalls) that focus on protecting the perimeter of your network but fail to protect the inside.
This guide gives you a look into:
- How phishing works, how it has evolved, and the new tactics used to appear legitimate to users
- Statistics on who and which industries phishers are targeting, what people click on the most, and what is being stolen
- What to look out for, tips for both admins and users on how to protect against phishing, and how a zero-trust security model can help protect your organization
Protecting your network both externally and internally requires more controls than a traditional perimeter security model and must rely on trust in user identity and device health. This will help secure the new "identity-based perimeter."