Security threats are constantly on the rise these days, if you follow the ICS blog you will know that there is a new scam released on a weekly basis. The frequency of these new threats make it difficult for updates and security patches to keep up. By the time antivirus vendors find ways to block theses malicious viruses, there has already been a new threat released.
All employees or individuals must be aware of the fact that even with the most cutting edge security software and hardware, it is still possible for the newest threats to slip through. When this happens it is crucial that employees are able to recognize threats and suspicions emails.
Verizon has recently released their Data Breach Investigations Report. Verizon reported that 89% of malicious attacks come in the form of phishing attempts. It was stated that out of 100,000 reported attacks, 2,260 were successful data breaches. Verizon also reported running tests in order to see the rate at which an end user will click a malicious email attachments. These attachments were not actually harmful, but they gave us a good idea about how click happy most employees actually are.
During the test 8,000,000 emails were sent to various users. As it turns out 30% of recipients opened the email, and 12% of that group actually proceeded to open the attachment containing the executable file. During 2014 and 2015 tests there has been a rise in individuals opening malicious email. This is a scary thought for businesses with critical data. Even with the best security measures implemented end users will always be vulnerable targets.
Phishing campaigns have become the preferred method of attack in data theft. These are the most successful attacks for a couple reasons. First off they are sent via email at random times. Attackers have the ability to blast out large amounts of emails in the matter of minutes to thousands of recipients. Even if there are only a few individuals who fall for the scam, the campaign was still a success.
Another tactic that is credited to the success of phishing scams is making the email seem legitimate or like it came from a company you are familiar with. Attackers today have access to software that will allow them to spoof email address to make them look like they are coming from completely different addresses then they actually are. If the attack is targeted, scammers usually take the time to look up any available information on the victim in order to make the email more believable.
End user awareness is the first and most important line of defense against any information technology security threat. With a properly trained staff the risk of a data breach drops significantly. Make sure all users know the rules of safe email and internet use. ICS offers end user awareness training and compliance services in order to ensure all of your staff is properly trained.