When it comes to phishing attacks, businesses often can’t deploy security technology fast enough to keep cybercriminals at bay – which is why the ultimate protection comes in the form of a combination of security technology and a human firewall.
A human firewall is created when individuals within an organisation are educated about how to interrogate their emails: when to click on a link or open an attachment, and when to delete it.
IT security technology can reduce spam and block most malicious emails, but cyber-criminals are using social engineering to prey on unsuspecting email recipients.
This can be done by sending spoofed emails that use existing company or people’s names with malicious links designed to extract sensitive information like computer login details or personal information.
These emails are often difficult to block because they are designed to surpass the usual firewalls.Google Research analyzed over a billion emails passing through Gmail, and the results were presented last week at the RSA security conference in San Francisco.
Extremely interesting stats: corporate email addresses are 6.2 times more likely to receive phishing attacks, 4.3X likely to receive malware compared to personal accounts, but 0.4X less likely to receive spam.
Giving out sensitive data to people without first authenticating their identity and access privileges is one of the most common and worst mistakes employees can make. Allowing a stranger inside an organization without authorization is yet another example of a broken link in the human firewall chain.
This is the first time that results like this have been published but it makes sense to the degree that corporate inboxes tend to contain more valuable information, which can be monetized much more easily.
Organizations active in finance, entertainment and IT were the most targeted by phishing as of Q1 2017. It looks like attackers are targeting organizations based on their size, type, sector of operations and country.
At RSA 2017 in San Francisco last week, I distilled the 7 urgent reasons why you need to create your "human firewall" as soon as you possibly can. Employees are your last line of defense and need to become an additional security layer when (not if) attacks make it through all your technical filters.
1. Ransomware heads the list of deadly attacks
SANS' Ed Skoudis said the rise in ransomware was the top threat. “We’ve seen this can bring down a whole network of file servers and we expect many more attacks”. His advice is that companies practice network security “hygiene” and limit permission for network shares to only those jobs that require it. And of course train your users within an inch of their lives.
2. Phishing leads the IRS dirty dozen of scams
The Internal Revenue Service rounded up some of the usual suspects in its annual look at the dirty dozen scams you need to watch out for this year. It should come as no surprise that the IRS saw a big spike in phishing and malware incidents during the 2016 tax season because the agency has been very public about its battle with this scourge.
3. CEO Fraud / W-2 Scams are their close second
Just this month the IRS issued another warning about what it called dangerous, evolving and very early W-2 scams that are targeting a widening swath of corporations, school districts and other public and private concerns. High-risk users in Accounting and HR need to be frequently exposed to simulated attacks using email, phone and text to inoculate them against these attacks.
4. Phone Scams
Your users need to be trained that when they pick up the phone, the person on the other end might be a criminal hacker that tries to manipulate them into getting access to the network. They impersonate "Tech Support" and ask for a password, or pretend to solve technical problems and compromise the workstation.
5. Your Antivirus is getting less and less effective
We all had the nagging suspicion that antivirus is not cutting it anymore, but the new Virus Bulletin numbers confirm your intuition. Virus Bulletin (VB) is the AV industry's premier "insider site", and shows how good/bad endpoint detection rates are, but VB also covers spam filters, and tests them on a regular basis.
Both antivirus (aka endpoint protection) and spam filter tests are published in quadrants graphing the results. What most people do not know, is that participants in this industry all share the same samples, and it's often just a matter of who gets the definition out first, because soon enough everyone else has that malware sample and blocks the hash. The problem? Proactive detection rates have dropped from about 80% down to 67-70% over approx. 9 months.
Help is Here
Comtech offers multiple forms of protection that is updated on a daily basis.
1. ComTech's ActiveCare Security Suite
Protection against all types of malicious software including: viruses, spyware, worms, Trojans, rootkits, and zero-hour attacks. The program also updates its definitions automatically and on continual basis. And there’s no need to ever renew licenses for as long as you remain a ComTech partner.
2. ComTech Complete Firewall Protection
- Monitor firewalls, network traffic devices and apps to identify abnormal activity, unexpected access attempts and potential threats.
- Eliminate downtime due to misconfigured firewalls.
3. ActiveCare CloudFiltering - Total email Security
CloudFilter stops the junk and lets the good email through. Messages which contain offensive, harmful, or policy violating content are held in quarantine, while any good messages continue on their way to the end user.
4. ActiveCare Managed Desktops and Servers
Our preventive maintenance service for desktops proactively and regimentally monitors and addresses common problems experienced by desktop users. Whether it’s viruses, spyware issues or installing patches, we handle it all quietly and in the background while your employees remain productive.
With our managed IT services for servers, you’ll enjoy the benefit of a full team of IT specialists keeping your systems in excellent working order. For a small, fixed monthly fee, we monitor your systems 24/7, apply patches, ensure backups, keep viruses at bay, and perform a host of other proactive measures. Little problems don’t become big — and expensive — and in most instances, you won’t even know there was ever an issue.
5. Training
Training is an important factor. The importance of training users to be vigilant in monitoring issues and anticipate issues will help keep your systems running and problem free.
ComTech also offers diferent forms of policies to be roled out to users to help them understand the intended uses of the network including unacceptable uses and the consequences for non-compliance.
Contact ComTech to help you manage your IT systems through better Smart-Sourced IT
