© 2015 MarkMonitor Inc. All rights reserved.
Strategies for Safeguarding Against Phishing Attacks in the Cloud
Akino Chikada
Brand Protection, Product Marketing, MarkMonitor
Agenda
• Evolution of Phishing
• Trends
• Targeted Attacks on SaaS / Cloud-Based Companies
• How Fraudsters Monetize
• Impact to Businesses
• Considerations & Best Practices
The Fraudsters
Fraudster Lifecycle: Setup Phishing Attack → Launch Phishing Campaign → Collect Credential & Monetize
• Historically, the financial industry has always been a primary target for phish attacks
• Fraudsters are now evolving and expanding strategies to target new industries
Trends
• Service-oriented companies are highly targeted - fraudsters are looking to monetize beyond the financial industry
[Chart: Service Industry*, monthly, Jan-14 to Feb-15]
* Excludes the financial industry
Where There’s Money…Fraudsters Follow
• A third of businesses worldwide are moving applications from locally hosted servers to SaaS environments*
• Global SaaS software revenues are forecasted to reach $106B in 2016, increasing 21% over projected 2015 spending levels**
• SaaS introduces new concerns: financial & data theft opportunities
* Gartner
** Forrester
…And Now They Are Getting Phished
• We’ve seen a tremendous spike in phish attacks amongst SaaS / Cloud-based companies
• In the past year, we’ve seen an approximately 400% increase in phish attacks
Different Types of Attacks
• Specific Attack: Specifically going after a company’s credentials
• Generic Attack: Utilizing a brand to get email credentials
• Malware Attack: Utilizing a brand to trick targets into downloading malware (email campaign attachments, mobile app downloads)
How Fraudsters Monetize
• Fraudsters know how to monetize different types of credentials and data
  • Deepening data on user for various types of fraud
  • Broadening credential coverage to launch more campaigns
  • Reselling cloud credentials
  • Reselling resources
  • Hijacking resources
Fraud Damages Businesses
The Impact to Business
Impacts your top and bottom lines
• Damages Online Channel
  • Customer distrust
  • Abandoned Internet channel
  • Diminished revenues and higher costs
• Increases Costs
  • Incident fire-fighting
  • Fraud remediation
  • Customer service and support
• Weakens Customer Relationships
  • Poor customer experience
  • Eroded brand loyalty
  • Customer defection to competitors
Assess Security Risks Before Moving to Cloud
Considerations
• Before starting a cloud project, assess the risks you and your customers might be exposed to:
  • Does your cloud product store what might be sensitive business information?
  • May your cloud product store lists of user credentials?
  • Can your cloud product be resold?
• Assess the potential damage of a phishing attack on your customers
• Find out if your brand or product is getting phished
• Check for products offering a “phishing monitoring” and/or “insurance” service
Examples of SaaS / Cloud-based Companies
[Chart: Company A phish trend, monthly, Mar-14 to Feb-15]
[Chart: Company B phish trend, quarterly, Jan-11 to Jan-15]
Once a SaaS company reaches significant market presence,
there’s risk that they become a target for phish attacks.
SaaS / Cloud-based Companies
[Pie chart: Specific Phish, Malware, Generic Phish; values shown: 18%, 23%, 64%]
• Specific phish attacks can be considered higher risk than generic attacks
  • More likely to directly impact your business revenue
• All attacks will still impact brand reputation
• Take action and shut down all fraudulent activities
Impact of Various Phish Attacks
Online Fraud Lifecycle
Fraudster: Setup Phishing Attack → Launch Phishing Campaign → Collect Credential & Monetize
Protection: Prevention, Detect & Validate, Mitigate, Shutdown
Be Prepared to Protect Your Customers
In Summary
• Cloud computing is changing the way businesses operate and will continue to evolve
• Start thinking in new ways about protecting the valuable data - take steps toward mitigating risks and be prepared for the worst
Thank You!
• For information on MarkMonitor solutions, services and complimentary educational events
  • Contact us via email:
  • Visit our website at: www.markmonitor.com
  • Contact us via phone:
    US: 1 (800) 745 9229
    Europe: +44 (0) 203 206 2220