The easiest way to get into an organization is through a targeted credential phishing attack, where threat actors use information that's made publicly available on LinkedIn, Facebook and elsewhere to create a fraudulent profile of the victim, according to Joe Diamond, Okta's director of security products.
The process has become increasingly streamlined, Diamond said, as bad actors use open crawlers to build a profile of the end user, figuring out where the victim works and what they like to do. In addition to targeted credential phishing, hackers can also pursue broad-scale attacks using information that has been gathered in a more automated manner.
Both regular end-user education and quality security products are needed to address credential phishing, Diamond said. Secure email gateways play a major role in stopping credential phishing, according to Diamond, particularly when the system marks external emails right in the subject line.
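The subject-line marking mentioned above can be sketched as follows. This is an added example, not code from the article or from any Okta or gateway product. The `INTERNAL_DOMAINS` value, the `[EXTERNAL]` tag text and the function names are assumptions, and the decision here rests on the From header alone, whereas a production gateway would also weigh the connection source and authentication results.

```python
from email import message_from_string, policy

# Assumption: the organization's own mail domains (constructed placeholder).
INTERNAL_DOMAINS = {"example.com"}
TAG = "[EXTERNAL]"


def is_external(msg):
    """True unless every From address is in an internal domain (exact match)."""
    sender = msg["From"]
    # policy.default parses the header into addresses, so a display name that
    # merely looks like an internal address does not influence the decision.
    domains = [a.domain.lower() for a in sender.addresses] if sender else []
    # A missing From, or one without addresses, is treated as external.
    return not domains or any(d not in INTERNAL_DOMAINS for d in domains)


def tag_subject(msg):
    """Prepend TAG to the Subject of external mail; safe to apply twice."""
    subject = str(msg.get("Subject", ""))
    if is_external(msg) and not subject.startswith(TAG):
        del msg["Subject"]  # headers are multi-valued, so replace, not append
        msg["Subject"] = f"{TAG} {subject}".strip()
    return msg


def tagged_subject(raw):
    """Parse a raw RFC 5322 message and return its Subject after tagging."""
    msg = tag_subject(message_from_string(raw, policy=policy.default))
    return str(msg.get("Subject", ""))


# Constructed sample messages, not taken from the article.
SAMPLES = {
    "internal": "From: Alice <alice@example.com>\nSubject: Lunch\n\nhi",
    "external": "From: Bob <bob@mail.test>\nSubject: Invoice\n\nhi",
    "lookalike": 'From: "ceo@example.com" <x@mail.test>\nSubject: Urgent\n\nhi',
    "no_from": "Subject: Hello\n\nhi",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:10} -> {tagged_subject(raw)}")
```
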