By Paul Young, Co-Founder & CIO NextSTOP Consulting
Phishing is the biggest potential threat to your SMB's security during the Corona Virus pandemic.
During my tenure as CCO at ClearObject, we felt the layered security strategy that was in place ensured all identified risks were addressed, and most importantly that we knew what steps to take next should an incident occur. We had a fully audited and certified ISO 27000 program and had completed pre-assessments to NIST/FISMA standards. New employee security training was not only mandated but also required education on a yearly basis.
Imagine our surprise when it was discovered we had been the victim of a social engineering attack. Our CFO received a spam email that he thought was verified and secure. Unbeknownst to him this email was sent through a phishing scam with the intent to receive a large check to what was in actuality an unknown vendor. This cyberattack incident hit far too close to home and taught us an important lesson: the reason that phishing is so successful against companies is because they go after the employees themselves! We became aware that a large proportion of users are not properly trained on how to recognize these threats, which include but are certainly not limited to: spear-phishing and ransomware attempts.
Employees most commonly fall for these attacks by clicking on links or opening attachments in emails without thinking about the repercussions of these actions.
Thus, in order to keep our organization safe, it became necessary to target problem behavior among staff and educate them on how best to not become a victim. This included best practices for ways to identify the most common threats: suspicious emails. We implemented the changes we felt were appropriate and added additional measures as well as specified training.
Our media blueprint spans from strategies, platforms, technologies and tools, to the culture, leadership, people and experiences of SMBs and domain experts focused on Digital Transformation.
Today, it is recognized that users are the weak link in the security chain.
At ClearObject we went to great lengths in order to secure our perimeter and keep the largest threats at bay. Unfortunately, it turned out hackers were able to access the network fairly easily via email and turned our internal staff into pawns in their game of phishing attacks.
If you or your business have ever been duped by a hacker via email, text, or social media, then you know how easily this can happen.
Subject matter will be reviewed and made available weekly.
Look for out next post!
Therefore, systems are only half the equation..
End users are the second half and the easiest to exploit.
More than three billion fake emails are sent out worldwide every day.
According to Valimail’s Spring 2019 Email Fraud Landscape at least 3.4 billion fake emails are sent out every day. Most industries remain vulnerable to these spear-phishing and “spoofing” cyber attacks simply because they’re not implementing industry standard authentication protocols.
"Phishing" refers to a hacker's attempt to gain sensitive information from a user through sneaky tactics, such as fraudulent emails, texts, or messages on social media. What's most concerning about this threat is that it relies on human error to be effective. While firewalls, spam filters, and antivirus software are indispensable components of an IT security framework, all of these measures can be rendered useless if an employee clicks the link to that cute cat video or unwittingly shares his or her password.
What a data breach can potentially cost you:
C-Suite Executives beware!
The 2019 Verizon Data Breach Investigation Report highlights several of these cyberattack trends:
C-Suite Executives are 12 times more likely to be targeted in social engineering attacks than other employees.
Cyber-espionage related data breaches increased from 13% in 2017 to 25% in 2018.
Phishing scams are involved in 32% of these breaches and an astounding 78% of cyber-espionage related incidents.
90% of malware arrived via email.
60% of web application attacks were via cloud-based email servers.
43% of cyber attacks were committed against small businesses.
There has been a six-fold decrease in attacks on HR personnel.
Approximately 10% of suspicious email messages are getting through the spam filters put in place to prevent that very action.
SMB’s represent 43% of all victims:
They've also advised phishing was the #1 threat action used in successful breaches linked to social engineering and malware attacks. This report was released by Verizon before the new work-at-home paradigm became widespread!
Awareness is Essential: the best practice model combines security training with a simulated phishing platform.
Once it sinks in that the human element of security is being seriously neglected, you will be relieved to find out you can protect yourselves from these kinds of threats. Park Road Technologies specialty MSP Security Awareness Platform was created to help your organization manage and educate your staff regarding the problems that can present themselves due to social engineering through a comprehensive new-school awareness training approach.
This method integrates baseline testing using real world mock attacks, engaging interactive training, continuous assessment through simulated phishing, and vishing (phishing via cellphone) attacks, as well as enterprise-strength reporting. All of these protocols are put in place to build and create a more resilient organization with security "top of mind" to help protect your employees from threats and most importantly, everything you've invested into your business.
Protecting the soft underbelly of your business:
Park Road Technologies MSP Security Awareness Platform automates phishing tests directly with your organization, provides remediation training and education, along with detailed reporting on the campaign results. The automated platform runs simulated phishing campaigns with custom curated content specific to your organization. Users that fall for the phishing emails are automatically routed to remediation. This custom tuned platform provides an effectively targeted approach to achieving security awareness. All the while allowing your business to focus on the most important things: day to day activities, evolving with the ever changing environment, and dynamic growth.
The solution from NextSTOP’s Global Partner Exchange Member, Park Road Technologies provides:
An automated phishing simulation and training platform to improve your organization’s last line of defense: The Human Firewall.
Specialized training for your staff to help educate behavioral changes (in real time) so they're more aware of the ways they can be exploited to cause harm to your organization.
A variety of online training modules ranging from introductory IT security basics, to more targeted, advanced topics.
Automation features that generate future learning opportunities for your employees to utilize after their initial training session.
Highly interactive learning modules that require more than just sitting through a streaming video lesson.
Training engagement geared towards staff being more actively aware of the potential dangers their organization may face.
A behavioral approach to staff training that identifies weak points and provides targeted training where necessary.
A Phish Alert Button that gives users a safe way to forward email threats directly to your security team for analysis. In addition to this the email is then deleted from the user's inbox to prevent any future exposure. All this, with just one click.
