Gary Gardiner is Head of Security Engineering, Asia Pacific & Japan, Check Point Software Technologies. In this role, he works with Check Point’s regional team of pre-sales security engineers to help customers remain secure, even in complex environments. In addition, Gary is a cyber security evangelist, speaking at industry forums, online and on television.
Gary brings to his role over 22 years in the security sector. He grew up in Scotland, lived in Australia, and is now based in Singapore. In his free time, he can be found out running the humid streets of Singapore or climbing a mountain somewhere around the world.
In this interview, Gary Gardiner provides premium business insights concerning targeted phishing campaigns, the prevention of multi-billion-dollar data breaches, security architecture and phishing in the cloud. This is an interview that you won’t want to miss. Revise your approach, incorporate agile strategies, and outsmart the hackers.
What have you seen in terms of how the pandemic has influenced phishing attacks?
In the past, what we have seen is that phishing attacks tend to be focused on a company or an individual or a major event, such as the Olympics or a large news event.
The pandemic has been a major influence in our lives for two years now. As the pandemic has evolved, so have attacks.
We started off with the initial coronavirus-related stories. Then we moved on to travel bans and lockdowns. Then on to vaccine development, vaccine deployment and, intermingled with that, we had new variants being discovered and reported on.
We are now at the stage of opening up and travel is back on the agenda for most people. Each of these events has been a major attack vector for phishing attacks over the past two years.
Please tell us a bit about the evolution of phishing scams.
Phishing scams are not new. They’re an easy way for an attacker to interact with multiple victims, increasing their attack vector and subsequent success. What we have seen is that the attackers are now looking at more unique ways to trick victims. Initial attacks back in the 1990s were just looking to deliver malware to the victim. Now, hackers phish people to steal credentials, launch ransomware attacks and extort brands. We have also evolved from emails to SMS and mobile phone attacks. Hackers are taking advantage of the small screens to trick people into misreading URLs and mail content.
What is being done about the “Scam Factories”?
What we have to do is look at the defense and education of the possible victims. The attackers will only keep using this vector if it is easy and successful. The harder we make it to get them to benefit from these actions, the more they will not see any value in the efforts they have to make.
How is it that phishers manage to continually remain one step ahead of security professionals?
We have to take into account the human factor in this, as well as the technical factors. As security professionals, we are always improving the way that we can defend ourselves against the phishing attacks. Unlike a system or code vulnerability that has a specific way to be compromised and executed, the system being attacked with phishing is the human system. Threat actors can attack in multiple ways and with multiple formats on a system that is out of the control of the security administrator. This makes it a more difficult vector to protect, but not impossible. We have made great strides in systems that use AI and ML to predict with great accuracy when an email is malicious.
How do we reverse this trend? How can businesses do a better job of fighting phishing?
At Check Point, we've removed the risk completely by preventing any attack vectors in the email (or its attachments) from reaching the user. This makes a malicious file into a benign file that still gets delivered to the user without the risk of the attack eventuating. Couple that with training and development of staff in organizations to allow them to be able to identify and report phishing attacks.
If you were advising executives around phishing, what recommendations would you share?
Work to minimize the risk to your organization. Consider the possibility that you will be compromised at some time. Look at a zero trust framework to allow your business to act and limit the impact of a successful attack on your organization. Encrypt data at rest, limit scope creep when it comes to system access and review your security on a regular basis. Look at tabletop exercises, and get third parties to review your policies and procedures.
What kinds of phishing trends do you expect to see in the next 6-18 months?
I expect we are going to see more SMS phishing attacks. In recent months, we have seen some very successful attacks that have resulted in a lot of money being stolen. What we know is threat actors will look at their success and build on that. We will also see phishing attacks on supply chains to help the threat actors use them as a way to compromise larger targets.
Is there anything else that you would like to share with the CyberTalk.org audience?
Phishing is here to stay. I have seen many organizations move to cloud-based platforms for their email. These platforms are actively being attacked by the threat actors. Look at these cloud platforms as you would your on-premise and secure them with the same level of vigor that you have done with your on-premise security.
Understanding the latest trends can help you protect your organization. Get additional phishing-related insights throughout this week during #Phishingweek2022 – Feb 28th through March 4th.