SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
Story image
Data Privacy Day sees phishing risk surge – report
Tue, 23rd Jan 2024

As the world gears up to mark Data Privacy Day on January 28, the co-founder and Chief Information Security Officer (CISO) of PrivacyEngines, Mike Morrisey, draws attention to the growing risk of phishing. Morrisey underlines the need to understand and combat this threat, highlighting that an alarming 1,270,833 phishing attacks were reported globally in the third quarter of 2022, making it the most pervasive form of cybercrime.

A year-on-year increase in phishing attacks has been clearly evident across all sectors. The data reveals a startling surge of 488% in Response-Based Email attacks, whereas ransomware strikes continue to fall slowly. Phishing, a method of social engineering designed to trick individuals into disclosing sensitive information or installing malware, stands as the top cybercrime menace.

Morrisey described various phishing techniques, listing Email Phishing, Spear Phishing, Whaling, Clone Phishing, and several more. Each style is designed to exploit vulnerabilities in different ways, he explained. Speaking about technical defences, Morrisey, under the guidance of PrivacyEngine, encouraged Multi-Factor Authentication and regular system updates for enhanced security. He also acknowledged standard security policies for link and attachment scanning and phishing filtering, tailored protocols for protecting high-risk staff and executives, as well as quarantine services and SPF/DMARC/DKIM protocols to prevent email spoofing.

To fortify the human element against these malicious techniques, some key strategies were suggested. These included carrying out attack simulations to highlight vulnerabilities, using online training platforms like PrivacyEngine to help employees detect phishing, and providing regular updates on training effectiveness. The important role of Data Protection Officers (DPOs) was also underlined, emphasising their responsibility to assess and manage phishing risks, as well as to monitor and report on the successes of anti-phishing tactics.

To commemorate Data Privacy Day, PrivacyEngine is encouraging organisations to re-evaluate their data protection strategies and is offering its expertise to help counter the evolving threat of phishing. In an engaging initiative, the company is also providing a free phishing quiz, aimed at testing and improving awareness of phishing tactics. This quiz invites up to 100 people to decide whether 8 sample emails are real or fake. Subsequently, it helps identify which departments are more phishing-aware than others.

Mike Morrisey, the CISO and co-founder of PrivacyEngine, has amassed considerable international expertise in corporate information security governance and risk modelling implementation over his career. He brings a comprehensive understanding of ISO 27001:2013 and its various potential pathways to accredited certification, as well as extensive knowledge of global privacy and information security regulation and standards.

PrivacyEngine is a leading player in the provision of data privacy solutions and services, serving a diversity of sectors, such as retail, hospitality, medical research, financial services and government, among others. Their platform takes a thorough approach to achieve compliance with GDPR, CCPA, and HIPAA by incorporating a risk knowledgebase, workflows, reporting, learning management, and other tools to support best practices in privacy protection.