According to the 2021 Verizon Data Breach Investigations Report (DBIR), phishing was involved in 36% of the data breaches analysed for 2020, up from 25% the previous year.
Critical Information Infrastructures (CII), including the aviation industry and the power sector, are exposed to a wide variety of cyberattacks, and phishing is one of the tactics attackers use to gain an initial foothold in their systems and data. Recent market research puts the share of malicious email at nearly 1.2% of all email sent, which translates to roughly 3.4 billion phishing emails per day. Real-world incidents in the aviation industry bear this out, such as the spear-phishing attack that targeted an international airport in Greece in 2017 and the 2013 phishing campaign against 75 airports in the United States, both of which underscore how widely CII is exposed to such attacks.
In the power sector, a successful phishing attack can lead to disruptions up to and including widespread power outages, affecting large populations and posing a significant threat to public safety. A high-profile example is the December 2015 attack on the Ukrainian power grid, which began with spear-phishing emails and ended in an outage affecting around 225,000 customers, demonstrating how severe the consequences of phishing can be for critical information infrastructures.
Contributing Factors to the Effectiveness of Phishing Attacks
The effectiveness of phishing attacks against CII depends on a variety of factors, including human vulnerabilities and socio-political factors, as explained below:
- Human Factors:
The 2022 Global Risks Report from the World Economic Forum noted that 95% of cybersecurity issues can be traced to human error, which includes a lack of awareness, poor security practices, and a tendency to trust unverified sources. The 2022 Data Breach Investigations Report (DBIR) supports this finding: 82% of breaches involved the human element, including social attacks, errors, and misuse.
Phishing attacks in CII often exploit human vulnerabilities, in which attackers use social engineering techniques to craft convincing messages that trick users into divulging sensitive information or clicking on malicious links. These techniques include pretexting, baiting, and spear-phishing. Additionally, attackers often use psychological tactics such as urgency, fear, and curiosity to elicit a response from the victim.
- Socio-Political Factors:
Phishing attacks in CII can also be influenced by socio-political factors such as geopolitical tensions, economic interests, and ideological conflicts. For example, state-sponsored attackers may use phishing attacks to steal sensitive information related to national security or intellectual property. In some cases, attackers may also use phishing attacks for political purposes, such as to influence public opinion or disrupt critical services.
Beyond human and socio-political factors, technical weaknesses also matter. A phishing email does not itself exploit a technical vulnerability, but it is a delivery mechanism for malware and other payloads that do. Where robust controls such as endpoint protection, firewalls, intrusion detection systems, and timely patching are absent, the payload delivered by a phishing email can go on to compromise critical systems and data.
Prevention and Mitigation Strategies
- Implement Strong Technical Controls: Email authentication protocols such as Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC), together with web content filtering, user and entity behavior analytics (UEBA), and anti-phishing solutions that use machine learning, can be deployed to stop phishing emails from reaching their targets and to detect the ones that do. Note that SPF, DKIM, and DMARC only protect a domain when its published policy is actually restrictive (for example DMARC p=reject rather than p=none) and the receiving side enforces it. Multi-factor authentication (ideally a phishing-resistant method such as FIDO2 security keys, since one-time codes can be relayed by a phishing site), strong passwords, and regular software updates and patches further limit the damage a successful phish can do.
- Develop Strong Incident Response Plans: CII organizations should have an incident response plan in place to quickly respond to and mitigate the effects of phishing attacks. This plan should outline the roles and responsibilities of different stakeholders, procedures for reporting and containing incidents, and steps to restore systems and data.
- Conduct Regular Risk Assessments: Regular risk assessments can help to identify vulnerabilities and weaknesses in CII systems and processes (workflows, procedures, and operations). Based on these assessments, appropriate measures can be implemented to reduce the risk of successful cyber attacks.
- Introduce and Practice Security Policies and Procedures: CII organizations should develop and implement security policies and procedures that address the risks associated with phishing attacks. These policies should cover areas such as access control, data classification, and incident management.
- Schedule Periodic Cyber Security Awareness and Training Sessions: In cybersecurity, humans are the first line of defense, so educating users to recognise and report phishing attempts is critical. CII organizations should provide regular training and awareness programs to employees, contractors, and other stakeholders so that they understand the risks and have the skills needed to protect critical information assets. Such programs also increase employee engagement in cybersecurity initiatives, reduce the likelihood of human error or negligence, and shorten incident response and recovery times when a breach does occur. Over time, regular sessions build a cybersecurity-conscious culture within the organization, which lowers the overall risk from cyber threats.
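The email authentication controls in the first item above are only as good as the records an organization actually publishes: an SPF record ending in `?all` or `+all`, or a DMARC policy of `p=none`, leaves the domain spoofable while nominally "having" SPF and DMARC. The following Python script is an added example, not code from the original article or from Gramax Cybersec; it parses SPF and DMARC TXT records and flags the weak settings a reviewer should look for. The records and domain names in it are constructed for illustration; in practice the input would come from DNS TXT lookups of the sending domain (SPF) and `_dmarc.<domain>` (DMARC). DKIM is not assessed, since its public keys are published under per-selector names that must be known in advance.

```python
"""Static check of SPF and DMARC records for settings that leave a domain spoofable.

Added example for this article (not Gramax Cybersec code). The record strings
below are constructed for illustration; real input comes from DNS TXT lookups
of <domain> (SPF) and _dmarc.<domain> (DMARC). DKIM is not assessed here, since
its public keys live under per-selector names that must be known in advance.
"""
import re
from typing import Dict, List, Optional, Tuple

# Mechanisms and modifiers that cost a DNS lookup (RFC 7208 allows at most 10).
LOOKUP_TERMS = re.compile(r"^(include:|a$|a[:/]|mx$|mx[:/]|ptr|exists:|redirect=)", re.I)


def parse_spf(record: str) -> Dict:
    """Split an SPF record into (qualifier, mechanism) pairs and the final 'all' qualifier."""
    terms = record.strip().split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    mechanisms: List[Tuple[str, str]] = []
    all_qualifier = None  # None means the record has no 'all' term at all
    for term in terms[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"  # '+' (pass) is the default
        body = term.lstrip("+-~?")
        if body.lower() == "all":
            all_qualifier = qualifier
        else:
            mechanisms.append((qualifier, body))
    return {"mechanisms": mechanisms, "all": all_qualifier}


def parse_dmarc(record: str) -> Dict[str, str]:
    """Turn 'v=DMARC1; p=none; rua=...' into a tag dictionary."""
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def assess(spf_record: Optional[str], dmarc_record: Optional[str]) -> List[Tuple[str, str]]:
    """Return (severity, finding) pairs; an empty list means no weak setting was found."""
    findings: List[Tuple[str, str]] = []

    if spf_record is None:
        findings.append(("high", "no SPF record: any host may send mail as this domain"))
    else:
        spf = parse_spf(spf_record)
        if spf["all"] in (None, "+", "?"):  # pass-all, neutral, or no 'all' term: unlisted senders pass
            shown = f"{spf['all']}all" if spf["all"] else "no 'all' term"
            findings.append(("high", f"SPF ends with {shown}: senders not listed are still accepted"))
        lookups = sum(1 for _, body in spf["mechanisms"] if LOOKUP_TERMS.match(body))
        if lookups > 10:
            findings.append(("medium", f"SPF needs {lookups} DNS lookups (limit 10): receivers return permerror"))

    if dmarc_record is None:
        findings.append(("high", "no DMARC record: SPF/DKIM failures are not enforced"))
    else:
        dmarc = parse_dmarc(dmarc_record)
        policy = dmarc.get("p", "none")
        if policy == "none":
            findings.append(("high", "DMARC p=none: spoofed mail is delivered and only reported"))
        pct = int(dmarc.get("pct", "100"))
        if pct < 100:
            findings.append(("medium", f"DMARC pct={pct}: policy applies to only {pct}% of failing mail"))
        if "rua" not in dmarc:
            findings.append(("medium", "DMARC has no rua= address: aggregate reports of abuse are never received"))
        if dmarc.get("sp", policy) == "none":  # subdomain policy inherits p= when sp= is absent
            findings.append(("medium", "subdomain policy is none: subdomains can still be spoofed"))
    return findings


# Constructed sample records: a weak pair and a hardened pair for the same fictional domain.
WEAK_SPF = "v=spf1 include:_spf.mailer.example a mx ?all"
WEAK_DMARC = "v=DMARC1; p=none; pct=50"
HARDENED_SPF = "v=spf1 include:_spf.mailer.example mx -all"
HARDENED_DMARC = "v=DMARC1; p=reject; sp=reject; pct=100; rua=mailto:dmarc@example.test"


def main() -> None:
    for label, spf, dmarc in (("weak", WEAK_SPF, WEAK_DMARC), ("hardened", HARDENED_SPF, HARDENED_DMARC)):
        print(f"[{label}]")
        for severity, finding in assess(spf, dmarc) or [("ok", "no weak settings found")]:
            print(f"  {severity:6} {finding}")


if __name__ == "__main__":
    main()
```

Running the script reports five findings for the weak pair (the neutral `?all`, `p=none`, `pct=50`, the missing `rua=` address, and the inherited subdomain policy) and none for the hardened pair. A real deployment would feed `assess` the live TXT records and re-run it whenever DNS changes, since a single `include:` added for a new SaaS mailer is enough to push a record past the ten-lookup limit and silently break SPF for every receiver.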
The future outlook for phishing attacks remains a concern, and CII organizations need to remain vigilant and proactive in implementing robust cybersecurity measures. As technology continues to advance, access control, data encryption, monitoring, and incident response will become even more critical in protecting against the ever-evolving threat of phishing attacks. CII organizations must take action now to prevent and mitigate the devastating effects of phishing attacks on their critical infrastructure and the public.
How can Gramax Cybersec help prevent and mitigate phishing attacks?
Gramax Cybersec, a GMR Group company, offers a comprehensive cybersecurity portfolio that incorporates industry-leading security services and solutions. Our security experts work closely with clients to identify potential vulnerabilities and design phishing prevention and mitigation strategies tailored to their specific needs. This includes, but is not limited to, implementing advanced email filtering and authentication solutions, providing employee training and awareness programs, conducting regular security assessments and audits, and developing incident response plans that enable rapid detection of and response to phishing attacks. Our Managed Security Services provide round-the-clock monitoring and swift response so that attempted phishing attacks are detected and mitigated before they can cause significant harm to your organization.