According to a recent survey, 96 per cent of executives failed to tell the difference between a real email and a phishing email, all of the time. (Source: McAfee Phishing Quiz, Intel Security).
This is among one of the key findings featured in Harpooning Executives: How Phishing Evolved into the C-Suite
That’s a joint eBook written by Intermedia and Intel Security. This eBook highlights how phishing has evolved into “whaling” and why executives are optimal targets. Phishing and spear phishing have become increasingly popular attack strategies. Cyber criminals use phishing tactics to evade traditional spam and malware filters in order to wreak havoc on corporate infrastructures.
Corporate data presents significant profit opportunities for today’s cyber criminals. As “phishers” look to increase their financial reward, executives have become prime targets for spear phishing attacks. These spear phishing attacks, also known as “whaling”, use personal information regarding an executive to gain access to confidential data that can be exploited for profit. Spear phishing (a fraudulent attempt to obtain confidential information from a specific organisation, using spoof email messages that appear to come from a trusted source) is one of the most commonly used cyberattacks. According to research from the the trainers SANS Institute, 95pc of all attacks on the enterprise network are the result of successful spear phishing. Spear phishing attacks no longer only target large, publicly-traded companies. They can have dangerous ramifications to any business, regardless of size.
Michael Baker, Vice President, Intel Security, said: “Companies are fighting a never-ending battle against phishing attacks. This poses real risks to businesses including data theft, financial loss, and tarnished reputations. As the phishing landscape continues to evolve, businesses need to take a more strategic approach to mitigate potential threats. Education, protection and preparation are the first steps.”
Avoid getting hooked
To help businesses lower their risk of an attack, Intermedia and Intel Security recommend a three-pronged approach:
– Educate employees and executives – Educating users and executives is one of the most important things you can do to reduce your company’s vulnerabiliy to an attack. Having step-by-step training that leads users through active learning exercises, can help ensure users don’t fall victim to an attack. A prime example of this is Facebook’s annual Hacktober initiative. Phishing best practices can be found in the eBook.
– Install comprehensive protection – Think beyond anti-virus protection. An email protection suite that includes real time URL scanning and email continuity provide additional layers of protection to help fend off sophisticated phishing attacks.
– Prepare for the worst – Email can be made more vulnerable by adding applications and other services because it creates additional security gaps in your infrastructure. When it comes to filling these security gaps, it’s important to think beyond email. Deploying an integrated cloud solution with single sign-on, secure file sync and share, Data Loss Prevention and email archiving capabilities helps ensure you fill these gaps should one layer of protection fail.
And Jonathan Levine, Intermedia’s Chief Technology Officer, said: “Many businesses operate under the false assumption that traditional client-based anti-virus technology will be enough to protect against a phishing attack,” said . “An integrated, cloud-based email protection solution backed by a 24/7 security team can help companies significantly reduce their risk of an attack.”
For details including a downloadable list of educational best practices – read Intermedia and Intel Security’s eBook at http://bit.ly/1Ai3e1O.
