Virtualization Technology News and Information
ID Agent and Graphus 2022 Predictions: Phishing Attacks will Continue to Evolve in 2022

vmblog predictions 2022 

Industry executives and experts share their predictions for 2022.  Read them in this 14th annual series exclusive.

Phishing Attacks will Continue to Evolve in 2022

By Manoj Srivastava, General Manager, ID Agent and Graphus

Phishing is here to stay, and cybercriminals are only getting smarter and more sophisticated. Phishing attacks more than doubled last year, and unfortunately, in 2022, it will continue to be a preferred method of attack for cybercriminals. In the next year, companies need to be more proactive with their defense plans and budget accordingly to make sure anti-phishing solutions are in place. Additionally, cybersecurity training will need to evolve as the threats do.

Expect more innovative phishing campaigns
Spoofing or authentic email? Differentiating between the two will get more difficult as cybercriminals get more resourceful. Employees should be on the lookout for subject lines that look legitimate, such as "changes to your health benefits" or "unusual login detected." They should think twice before clicking on any potential malicious links or opening attachments. When in doubt, have them check with IT. Other phishing attempts may alert users to declined memberships, fake call-to-actions about subscriptions, or fraudulent billing and payment alerts. Email recipients may also be tricked with savvy deceptive links that then take them to malicious websites. There is no limit to what creative cybercriminals will do, including social engineering attacks that use tactics such as cloning someone's voice to get them to reveal sensitive information.

Implement anti-phishing solutions
 Forgoing anti-phishing solutions is no longer feasible if you want to keep your business safe. AI-based prevention tools that monitor and analyze incoming email communications can help organizations protect themselves against phishing attempts. An effective AI-based solution looks at user behavior such as who they message, at what time of day and from what locations. That information is taken to generate profiles of trusted email senders, which are then compared to incoming emails to authenticate the sender. AI-based monitoring software can also scan images to identify false login pages and recognize modified signatures, and then quarantine malicious emails so the end user never receives the harmful messages. Additionally, companies should consider technology that offers warning banners and flags suspicious emails, giving users the ability to quarantine them or mark it safe with a click.

Enforce cybersecurity training
Organizations cannot apply the "one and done" approach to cybersecurity instruction. As threats evolve, training need to keep pace. Companies should make monthly training one of their New Year's resolutions. A business is only as strong as its people, and employees are the first line of defense, so they need to fully understand their role in protecting their organization. By increasing security awareness, the chance of having a cybersecurity incident is reduced up to 70%. Businesses need to familiarize themselves with the different types of training out there that target various aspects of security. There is training for protecting passwords that covers clean desk policy and strong password practices. Privacy risks and secure connections would be covered in data privacy training while mobile security training would educate employees on Wi-Fi security and device management. Other topics that organizations will need to stay mindful of throughout the year are physical security, industry compliance and cybersecurity threats such as ransomware, account takeover and business email compromise (BEC), among others.

In 2022, phishing will continue to be the gateway to an organization's environment, and companies need to be diligent to protect themselves from intrusions that can cripple their business, hurt their reputation and even lead to lawsuits. Awareness of the evolving landscape and implementing AI-based anti-phishing solutions will go a long way, but keeping up with cybersecurity training will be equally important. In the end, it's a comprehensive approach that will safeguard organizations from cunning cybercriminals.



Manoj Srivastava, General Manager, ID Agent and Graphus

Manoj Srivastava 

Manoj Srivastava is General Manager of ID Agent and Graphus, where he focuses on products that help managed service providers (MSPs) and IT professionals protect their customers - small and mid-sized companies - against cybercrime. He oversees a suite of solutions that includes monitoring for compromised credentials, employee security awareness training, attack simulations, email security, and identity access management.

Manoj is a highly skilled technology leader with more than 20 years of industry experience in cloud computing, SaaS, cybersecurity and big data analytics. He is known for building high-performance teams, developing successful products, scaling operations and implementing plans from initial concept through production.

A pioneer in security solutions, Manoj developed the first Phishing Intelligence feed that proactively discovered phishing attacks against customers of large banks and ecommerce companies. Leading security vendors and portals like Microsoft, Yahoo! and AOL were among its subscribers.

In 2015, Manoj co-founded and served as CEO for Graphus, an automated phishing defense platform powered by an award-winning, patented AI technology - TrustGraph®. He created it to develop advanced email security against phishing, spear phishing, scams, social engineering and malware attacks. Graphus was acquired by Kaseya in 2020.

Prior to co-founding Graphus, Manoj served in executive positions in well-known internet and cyber technology companies. He was Vice President at VeriSign, followed by Chief Technology Officer at Cyveillance, a forerunner in cyber threat intelligence, which was acquired by QinetiQ (LSE:QQ).

Manoj is a named inventor on five issued patents on cybersecurity technologies. He holds a Master's in Computer Science from the University of Maryland and a Bachelor's in Engineering from the Indian Institute of Technology.

Published Friday, December 31, 2021 7:32 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<December 2021>