“Some phishing emails are very realistic and authentic,” said Varley. “We have seen attackers use more sophisticated methods of phishing campaigns, sending phishing emails from real accounts of companies in a customer’s supply chain. These can be very difficult to identify as a threat. However, we continue to see intrusions from phishing emails, which should be much easier to detect, especially from people who have received phishing awareness training.
“The key to protecting against this type of attack remains largely in training employees through methods such as running simulated phishing campaigns to raise awareness. We also recommend multi-factor authentication across systems, maintaining robust backups, and adopting the principles of least privilege and network segregation to protect against attackers moving sideways through IT,” she said.