Avanan CMO Michael Hiskey was recently interviewed on Digital Trends Live, a show about tech and its many moving parts. Host Greg Nibler led the conversation on how email phishing attacks and human error threaten enterprise security systems.
Michael responded by detailing how hackers manipulate people into making split-second decisions that bring enduring consequences, such as the loss of data, money, and even reputation. He noted that these kinds of breaches almost always begin with email. “Your credentials for Office 365 and G Suite are the number one target of hackers because once they get in, email winds up being the keys to the kingdom in a modern corporate infrastructure.”
Some fundamental protections include password managers and multi-factor authentication. “The best password is the one you don’t know,” Hiskey said. Because so many third-party software accounts authenticate with Single Sign On (SSO) for G Suite accounts, safeguarding these credentials to preserve online identity and privacy becomes especially important.
Hiskey also addressed the issue of internally-originating phishing attacks at an organization, otherwise known as Business Email Compromise (BEC). When asked to elaborate on these particularly effective attacks, he commented: “The best phishing attack is the one that you never see.” This is especially concerning since traditional security technology stops at the perimeter of the office walls, assuming that coworkers are trusted senders, but not accounting for successful account takeovers by hackers.
The Avanan CMO urges email users to double-check email-based requests for wire transfers with a phone call or other method of out-of-band verification. Most companies, however, do not establish this as a procedure. “That’s why we call it Business Email Compromise: because there’s a flawed business process underneath,” he elaborates.
Knowing how to protect online accounts and credentials is an essential skill. And yet, in the words of Hiskey, “You’d be surprised how common sense isn’t common.”