Employees get sucked in by smarter cybercriminals
FYI, this story is more than a year old
A staggering 70 per cent of organisations have been the target of an advanced attack and frighteningly it has been found that about half of all employees will fall for a well-crafted spear phishing ruse which could open the door to malware and other threats to the corporate network.
While most New Zealanders are aware of the more common tactics of cybercriminals and seldom fall for scams involving emails from Nigerian royalty or phishing scams seeking banking details, few are as vigilant when it comes to protecting valuable company information at work.
Hackers and cybercriminals are stepping up their efforts to target businesses to access everything from Intellectual Property for commercial gain, to customer records for competitive advantage or even resorting to using stolen information for extortion attempts. One careless employee could become the weakest link in your business and expose your business to a long list of threats. While mobile devices are now enabling the convenience and flexibility of accessing emails and company desktops in order to effectively work anywhere, the growth of employee-owned devices and the increasing use of social media applications in the workplace are creating new potential attack access ways, and posing a big risk to company IP.
The potential consequences of losing company information in this way are frightening, and organisations need to make sure they have control and insight into the users and devices accessing their network. It’s a good idea to configure your employee’s devices to get connected to corporate Wi-Fi hotspots, rather than public Wi-Fi hotspots, to minimise the risk of any data vulnerabilities and malware infestations. Ensure employees are aware of simply things such as knowing to turn off Bluetooth or Wi-Fi when not in use, applying a screen lock when the phone is powered on and setting up an inactivity time-out limit or auto-lock; these can also be useful should an employee lose the device.
Risky practices – lack of password protection, giving out passwords – along with ineffective approaches to information security are making organisations susceptible to these new employee-targeted attacks. The current level of complexity in our IT environments is also making it easier for skilled adversaries to hide and find unknown or unpatched IT vulnerabilities.
To add to the problem, many companies are unable to detect sophisticated attack patterns. Conventional antivirus, firewall and IDS tools do not form a complete picture of an attack, instead identifying unauthorised access, viruses, or phishing email, but not actually associating these events. So how do we better stay safe in a world where cyber-attackers are smarter and passwords are harder to remember?
Traditionally, firewalls provide defence against attacks from viruses or external attackers, and to this end, review all firewall deployments to ensure current rules and processes to implement and maintain them are still valid. Also ensure adequate measures have been taken to help protect devices like laptops with technologies such as host-based firewalls.
Do not, however, solely rely on firewalls as a single means of defence. There are additional factors to consider for protecting a network. Do you provide secure remote access with strong authentication techniques?
Have you made sure you have secured your wireless network to help prevent unauthorised users from gaining access to your network resources?
Fresh approaches and new ways of thinking about information security will be needed to combat this new class of threat that seeks to exploit the "weakest link" in a company, some of which may be uncomfortable for IT managers and decision makers. For example, giving up the idea that it is possible to protect everything in order to focus on the most critical information – the company "crown jewels" if you will – is something that organisations need to consider.
Additionally, the definition of successful defence should change from "keeping attackers out” to "detecting intruders as early as possible and minimising the damage.” In other words, assume an organisation is already compromised – and work from there.