Avoid getting caught in a spear-phishing net
You may be thinking your firewall, desktop antivirus and anti-spam gateway are protecting you, but is your organization really safe from hackers, crackers and cyber-criminals?
There is always one huge gap in your security strategy you’re overlooking – your users! Cyber-criminals know that the weakest link in any organisation is the human; the person at the other end of the screen who is fallible and susceptible to their sophisticated and wily ways.
Cyber-criminals and hackers are making use of sophisticated social engineering techniques in email and instant messages to trick your staff. They research their targets with meticulous accuracy, picking key individuals and apparent soft touches in your business; sending those people cleverly convincing emails, otherwise known as spear-phishing. The hackers have used your personal information, social media presence and publicly available information to target you.
Usually, spear-phishing emails will goad you into clicking a compromised link that leads to a malicious website, or trick you into divulging some login credentials. From there, the hackers gain access to your or your organization’s sensitive information. Incidences of spear-phishing are on the rise across the world, including South Africa, as it becomes the tool of choice for cyber-criminals looking to break into businesses.
If you’re not careful, you might fall prey to these types of spear-phishing hackers. There’s the Crafty Colleague, who uses a disguised email address or domain to appear as one of your co-workers. Then the Dubious Banker, who kindly asks to see that your bank account details comply with regulations such as FICA, RICA and POPI.
We also can’t forget the Tricky Taxman, who acts like they are from the government and informs you of a tax-back pay-out and asks for your banking details or to open a malicious attachment. The Social Media Stalkers constantly monitor your social media accounts to learn what you personally like and use that against you in the form of a fake subscription to a hobby-related or lifestyle magazine, a voucher for a discount on something they know you’ll want or even an opportunity to trial something for free – all in the name of gaining your personal information, credit card details or access to your system. Lastly, there are the Mafia Mailers, who will exploit your fear of a cyberattack by pretending to be protected payment services that need you to update your password or financial details.
In South Africa and throughout the globe, every day people fall for attacks from each of the crafty spear-phishing hackers mentioned above, due mostly to a lack of basic security awareness. Most organizations take a reactive approach to security, only plugging gaps after details of some new exploit have hit the news or, worse yet, their own network gets “popped”. National awareness programmes don’t exist, which means users simply don’t know or engage in basic security practices. As a result, at Mimecast we feel that education is hugely important and the first step on the long journey to increase our users’ security awareness.
What needs to happen to stand a chance against cybercriminals? Locally, companies need to automate their security measures where possible and make security simple for the average user by taking the complexity out of their hands and putting it in the background, as well as making sure that users are made aware of the risks associated with things like links in emails.
It takes only one click on a malicious email link for a company’s entire network to be compromised and their intellectual property to end up publicly available on the Internet. Therefore, users need to be empowered to make safe choices. By bringing together education, automation and technology, companies can rest assured they’re safe behind the best technological protection available as well as an effective human security system we call the ‘human firewall’. The human firewall is the pinnacle of enterprise security, and one we should all aim for.
To help protect your business from falling victim to cyber-attacks, attend the Mimecast Human Firewall Event on 10 September in Johannesburg. Register on www.mimecast.com/cybercrime. If you can’t make it to the event, be sure to check out this on-demand human firewall webinar.