3/15/2018

Enterprise Cyber Security Strategy - Awareness


A successful enterprise cyber security strategy begins with awareness.
Phishing attacks are common nowadays, and they do not have to be highly sophisticated to do serious damage. It is your duty to ensure that your employees are familiar with the methods used, so that they can spot these malicious attacks.

New forms of ransomware such as BadRabbit and NotPetya may lead the news on cyber-attacks and cause aggravation among the victims, but the majority of them are basically phishing attacks. A recent study conducted by Google even found that criminals broke into victims' accounts more effectively this way than through a data breach.

Phishing is an illegal activity that uses email to steal a user's confidential details, such as login passwords, in order to gain access to the user's data. In general, the attacker pretends to be a trusted colleague and creates a similar email address with only one character out of place. The attacker then tricks the user into opening an attachment that contains a malicious link. Ultimately, this leads to identity theft through malware installation. Most of us habitually check our mailbox while switching between several devices, and unfortunately most of us do not pay enough attention before opening an attachment from an unknown source. This is why phishing works: it is not complicated, but it is subtle enough to be effective.
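The one-character lookalike address described above can be checked for mechanically. The following is an added example, not part of the original post: it compares a sender against a directory of known addresses, and the directory, sample senders and function names are all constructed for illustration.

```python
def edit_distance(a, b):
    """Optimal string alignment distance: Levenshtein plus adjacent swaps."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1,         # character dropped
                         cur[j - 1] + 1,      # character added
                         prev[j - 1] + cost)  # character replaced
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # two characters swapped
        prev2, prev = prev, cur
    return prev[-1]

# Constructed sample directory of genuine colleague addresses (assumption).
KNOWN_SENDERS = {
    "alice.martin@example.com",
    "bob.chen@example.com",
}

def classify_sender(sender, known=KNOWN_SENDERS):
    """Return ('known', addr), ('lookalike', addr) or ('unknown', None)."""
    sender = sender.strip().lower()
    if sender in known:
        return ("known", sender)
    for addr in sorted(known):
        # Exactly one edit away from a real colleague: the pattern in the text.
        if edit_distance(sender, addr) == 1:
            return ("lookalike", addr)
    return ("unknown", None)

# Constructed sample of incoming sender addresses.
SAMPLE_SENDERS = [
    "alice.martin@example.com",   # genuine
    "alice.martin@examp1e.com",   # 'l' replaced by '1'
    "bob.chen@exmaple.com",       # 'a' and 'm' swapped
    "bob.chen@example.co",        # last character dropped
    "newsletter@vendor.example",  # unrelated sender
]

def triage(senders):
    """Map each sender to its classification."""
    return {s: classify_sender(s) for s in senders}

if __name__ == "__main__":
    for sender, verdict in triage(SAMPLE_SENDERS).items():
        print(f"{sender:32} {verdict}")
```

This check does not cover Unicode homoglyphs or a spoofed display name placed in front of an unrelated address.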

A study by the Ponemon Institute revealed that phishing campaigns can cost a typical U.S. company $3.77 million a year. The numerous damaging phishing attacks reported in 2017 indicate that anyone can be fooled into opening malicious sites unintentionally. For instance, hackers sent malware-loaded emails to Chipotle staff, and point-of-sale systems at many locations were compromised as a result. Confidential customer credit card data was stolen from millions of people in this incident. In another instance, Google and Facebook lost $100 million each when a cyber criminal used a phishing email to trick their employees into transferring funds overseas. Furthermore, a spear-phishing scam in which fake requests for information were sent to employees for the purpose of tax payments affected over 120,000 individuals working in over 100 organizations.

The examples above show the alarming pace of cyber attacks in information security. However high-tech attacks become over time, the best approach is to give employees suitable training so that they can handle cyber-attacks effectively.

Phishing testing is a method in which you take on the hacker's role and target employees at your organization to see who takes the bait. This gives you a baseline measure of employee vulnerability to cyber attacks. You can then give practical training to those employees who continue to be deceived by these tests. The purpose of this training is not to embarrass employees, but to help them learn how to spot and manage phishing attacks. Furthermore, if they fail to meet your expectations in the simulated phishing test, it could turn out to be a liability when the real thing happens.

An employee of the security firm 'Absolute' disclosed that a high-ranking executive was also targeted by a phishing attack. The firm's internal training helped him identify the attack, and the IT team dealt with it right away.

The phishing test should be designed so that the fake email is convincing enough to offer a teachable moment, but not so tempting that it would fool even the cyber security experts responsible for managing the latest ransomware.

An employee at one organization even sent his colleagues a phishing email that rewarded employees with coffee shop gift cards as part of a company celebration. Surprisingly, more than 78 percent of the company's employees clicked on the link for the coffee, and the coffee shop chain also accepted these coffee gift cards. Moreover, the company had to pay them back. To make sure that such things never happen, the best solution is to train employees when building a phishing test. As a result, they will become aware of phishing emails and know how to manage them.

Given modern-day phishing attacks, training programs should reflect both their complexity and the basics. Interactive security training carried out throughout the year helps keep employees alert, and it also lets organizations notice the latest trends and track processes over time. Make sure that your employees think twice before opening an email attachment after falling victim to a simulated phishing attack.
