It’s Cybersecurity Awareness Month! In honor of the theme — Do Your Part. #BeCyberSmart — we’re doing our part by educating IT teams and organizations on protecting themselves. Throughout October, the JumpCloud blog will focus on top cybersecurity issues, from IT admin best practices to CISO responsibilities. Tune back in throughout the month for new cybersecurity content or check out our archive of existing security articles for cybersecurity insights written specifically for the IT professional.
As part of Phight the Phish week, we want to discuss how organizations can mitigate or prevent the damage done to their resources and infrastructure due to successful phishing attacks on users.
In 2020, 75% of organizations around the world experienced a phishing attack, and 74% of attacks targeting U.S. organizations were successful (Expert Insights). Phishing attacks affect all organizations, and they’re often successful, no matter the targeted industry, organization size, or level of security training provided to users. However, there are controls that IT administrators can put in place to minimize the threat and consequences of phishing attacks. Two of them are implementing single sign-on (SSO) layered with multi-factor authentication (MFA), and limiting password changes so that they happen on a device rather than on various websites.
For context, in this article, we’re going to define:
- A successful phishing attack as an event in which a bad actor successfully steals a user’s credentials (primarily passwords) via phishing.
- An organizational phishing attack as an event in which a user’s stolen credentials are used to access organization-owned resources.
Phishers use a number of different tactics and techniques, with a variety of intentions, whether to get deeper into an organization or to profit from stolen data. Read more about the fundamentals of phishing here.
The Prevalence of Phishing
Because phishing attacks are so common all around the world, it’s essential that your organization puts the proper controls in place to mitigate risk and reduce potential vulnerabilities. Plus, in the modern era, the prevalence of remote work leads to increased risk for organizations because employees are not working from a physical office every day.
*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Brenna Lee. Read the original post at: https://jumpcloud.com/blog/prevent-phishing-sso-mfa-policies