Strategies for Safeguarding Against Phishing Attacks in ... · PDF fileStrategies for Safeguarding Against Phishing Attacks in the Cloud Akino Chikada Brand Protection, Product Marketing,

© 2015 MarkMonitor Inc. All rights reserved.

Strategies for Safeguarding Against Phishing Attacks in the Cloud

Akino Chikada

Brand Protection, Product Marketing, MarkMonitor

Agenda

� Evolution of Phishing

� Trends

� Target Attacks To SaaS / Cloud-Based Companies

� How Fraudsters Monetize

� Impact to Businesses

� Considerations & Best Practices

2

The Fraudsters

Setup Phishing

AttackLaunch Phishing

CampaignCollect Credential

& Monetize

Fraudster Lifecycle

� Historically, the financial industry has always been a primary target for phish attacks

� Fraudsters are now evolving and expanding strategies to target new industries

3

Trends

� Service oriented companies are highly targeted - fraudsters are looking to monetize beyond the financial industry

0

5,000

10,000

15,000

20,000

25,000

30,000

35,000

40,000

Jan-14 Feb-14 Mar-14 Apr-14 May-14 Jun-14 Jul-14 Aug-14 Sep-14 Oct-14 Nov-14 Dec-14 Jan-15 Feb-15

Service Industry*

*excludes the financial industry4

Where There’s Money…Fraudsters Follow

� A third of businesses worldwide are moving applications from locally hosted servers to SaaS environments*

� Global SaaS software revenues are forecasted to reach $106B in 2016, increasing 21% over projected 2015 spending levels**

� SaaS introduces new concerns: financial & data theft opportunities

* Gartner

** Forrester5

…And Now They Are Getting Phished

� We’ve seen a tremendous spike in phish attacks amongst SaaS / Cloud-based companies

� In the past year, we’ve seen approximately 400% increase in phish attacks

6

Different Types of Attacks

� Specific Attack:

Specifically going after a companies’ credentials

� Generic Attack:

Utilizing a brand to get email credentials

� Malware Attack:

Utilizing a brand and trick targets to download malware (email campaigns attachments, mobile app downloads)

7

How Fraudsters Monetize

� Fraudsters know how to monetize different types of credentials and data

• Deepening data on user for various types of fraud

• Broadening credential coverage to launch more campaigns

• Reselling cloud credentials

• Reselling resources

• Hijacking resources

8

Fraud Damages Businesses

The Impact to Business

Impacts your top and bottom lines

Damages Online

Channel

Customer distrust

Abandoned Internet channel

Diminished revenues and higher costs

Increases

Costs

Incident fire-fighting

Fraud remediation

Customer service and support

Weakens Customer

Relationships

Poor customer experience

Eroded brand loyalty

Customer defection to competitors

9

Assess Security Risks Before Moving to Cloud

Considerations

� Before starting a cloud project, assess the risks you and your customers might be exposed to:

• Does your cloud product store what might be sensitive business information?

• May your cloud product store lists of user credentials?• Can your cloud product be resold?

� Assess the potential damage of a phishing attacks on your customers

� Find out if your brand or product is getting phished

� Check for products offering a “phishing monitoring” and/or “insurance” service

10

Examples of SaaS / Cloud-based Companies

11 | Confidential

0

500

1000

1500

2000

2500

3000

3500

Ma

r-14

Ap

r-14

Ma

y-1

4

Jun

-14

Jul-

14

Au

g-1

4

Se

p-1

4

Oct

-14

No

v-14

De

c-14

Jan

-15

Fe

b-1

5

Company A phish trend

0

1000

2000

3000

4000

5000

6000

7000

8000

Jan

-11

Ap

r-11

Jul-

11

Oct

-11

Jan

-12

Ap

r-12

Jul-

12

Oct

-12

Jan

-13

Ap

r-13

Jul-

13

Oct

-13

Jan

-14

Ap

r-14

Jul-

14

Oct

-14

Jan

-15

Company B phish trend

Once a SaaS company reaches significant market presence,

there’s risk that they become a target for phish attacks.

SaaS / Cloud-based Companies

18%

23%

64%

Specific Phish

Malware

Generic Phish

� Specific phish attacks can be considered higher risk than generic attacks

• More likely to directly impact your business revenue

� All attacks will still impact brand reputation

� Take action and shutdown all fraudulent activities

12

Impact of Various Phish Attacks

Online Fraud Lifecycle F

RA

UD

ST

ER

PR

OT

EC

TIO

N

Setup Phishing

Attack

Launch Phishing

CampaignCollect Credential

& Monetize

Prevention Detect & Validate Mitigate

Shutdown

13

Be Prepared to Protect Your Customers

In Summary

� Cloud computing is changing the way businesses operate and will continue to evolve

� Start thinking in new ways about protecting the valuable data - take steps toward mitigating risks and be prepared for the worst

14

Thank You!

� For information on MarkMonitor solutions, services and complimentary educational events

• Contact us via email:

[email protected]

• Visit our website at:

www.markmonitor.com

• Contact us via phone:

US: 1 (800) 745 9229

Europe: +44 (0) 203 206 2220