IT security company provides tips to help enterprises defend against new class of attack
IT security company Barracuda Networks has described lateral phishing as a significant threat to business security.
Lateral phishing sees hijacked e-mail accounts being used to send phishing emails to the user’s contacts.
According to a recent study carried out by researchers from Barracuda, UC Berkeley and UC San Diego, one in seven organisations experienced lateral phishing attacks over the past seven months.
Of those organisations, over 60% had multiple compromised accounts. Researchers identified 154 hijacked accounts that sent hundreds of lateral phishing e-mails to over 100,000 recipients.
However, Barracuda highlights three ways to protect against these attacks.
1. Security awareness training – to make sure users are educated about this new class of attacks.
2. Advanced detection techniques – that use artificial intelligence and machine learning to automatically identify phishing emails.
3. Two-factor authentication – such as app- or hardware-based tokens can limit attackers’ access to compromised accounts.