Best Practices For Protecting Against Phishing, Ransomware and Email Fraud
Security teams and the organizations they support live in difficult times: they are increasingly the targets of sophisticated threats developed by a shadowy and well-financed cyber crime industry that has demonstrated it can often outsmart even the most robust security defenses. Cyber criminals are aided by the fact that security teams often lack the human and financial resources necessary to keep pace, and so often cannot defend against the latest threats directed against them. Add to this the fact that security teams often support users who unwittingly aid cyber criminals (or occasionally become them) through mistakes or intentional acts that can result in the loss of sensitive data or corporate funds. A survey was conducted on this topic and a white paper produced; some of the results are included in the Executive Summary below.
- Various types of security threats are increasing in number and severity at a rapid pace, most notably cryptojacking malware that is focused on mining coins for the roughly 1,400 cryptocurrencies currently in use.
- Organizations have been victimized by a wide range of threats and exploits, most notably phishing attacks that have penetrated corporate defenses, targeted email attacks launched from compromised accounts, and sensitive or confidential information accidentally leaked through email.
- Threats are becoming more sophisticated as well-financed cybercriminal gangs develop improved variants of malware and social engineering attacks. The result is that the perceived effectiveness of current security solutions is not improving – or is actually getting worse – for many organizations.
- Decision makers are most concerned about endpoints getting infected with malware through email or web browsing, user credentials being stolen through email-based phishing, and senior executives’ credentials being stolen through email-based spearphishing.
- Four of the five leading concerns expressed by decision makers focus on email as the primary threat vector for cybercriminal activity, and nearly one-half of attacks are focused on account takeovers.
- Most decision makers have little confidence that their security infrastructure can adequately address infections on mobile devices and CEO Fraud/BEC, or prevent users' personal devices from introducing malware into the corporate network.
- Many organizations are not exercising proper due diligence on a number of fronts in the context of their security posture, including security awareness training, data backup processes, strong internal control processes, implementation of technologies in-depth, and establishment of adequate processes.
- To address the worsening threat landscape, security spending at midsized and large organizations will increase by an average of seven percent in 2018 compared to 2017.
- There are a number of best practices that organizations should seriously consider as they attempt to bolster their security defenses. These include conducting a thorough audit of the current security and compliance environment, establishing detailed and thorough policies, implementing best practices for users to follow, providing adequate security awareness training that is commensurate with the risk associated with each role, and deploying alternatives to employee-managed tools and services.
This white paper was sponsored by one of Ocean Computer Group’s partners – Barracuda; information about the company is provided at the end of this white paper.