Thursday, 28 April 2016

The Past, Present, and Future of Phishing and Malware

In the Digital Age, email is second nature. It’s a commonly accepted method of communication, and a convenient one, at that. With convenience, however, comes danger – especially if you’re not even alerted to the bait!

Past present future Malware
This email ‘bait’ I’m referring to comes in the form of phishing scams, which are becoming increasingly abundant as hackers see high ROI on their efforts. In fact, up to 95% of hacks start with a phishing email. Obviously, this is a problem for you, your team, and your business. Like with any problem, the best way to understand it and seek a solution is by examining where it came from.
So, let’s take a look at the history of phishing scams, and see what we can glean from these evasive digital threats to educate our future paths.
Past
Since there has been email, there have been phishers. From the great “Nigerian Prince” scam of the late 90s to more complex spear phishing techniques used today — phishing via email has been the single greatest threat to any organization because of the potential to expose corporate data, pertinent financials, banking details, and private employee information. While email is a tool that all businesses rely on to run daily operations, it can also put everyone at risk.
In recent years, organizations both large and small have become increasingly threatened by phishing. It’s not just high-profile enterprises that are phishing targets, but also SMBs with a lot to lose. Recently, a small San Diego lawyer unintentionally clicked on a phishing email that he believed was sent by the US Postal Service. The click triggered a malware installation that transferred nearly $300,000 out of his firm’s bank account to a bank in China. The moral of the story? From family-owned shops to SMBs and large enterprises, phishing has the potential to affect your organization.
Present
Today, the majority of organizations have experienced malware infiltrating their networks through phishing. Two-thirds of decision makers report malware infiltrations through email in the last year. Additionally:
  • 45% believe phishing is a serious or very serious concern
  • 44% fear employees will click on phishing links leading to malware attacks
  • 39% worry about phishing attacks leading to customer data breaches
  • 37% are concerned that data breaches will leak sensitive internal data
The bottom line is that phishing as a method of network penetration is continuing to rise. But, there are preventative measures organizations of all sizes can take to decrease the probability of infiltration.
Future
  1. Assess your risk: Where does your sensitive data reside? Who has access? Take inventory of these things and know how changes (i.e. upcoming new regulations) will affect them. It also helps to know which phishing tactics your users are most susceptible to. Use this combined intelligence to craft a strategy — a combination of people, process, and technology.
  1. Train users: Your employees are your last line of defense against phishing and malware, yet 78% of organizations do not properly train employees to detect and deal with phishing threats. Providing internal security training can boost the overall effectiveness of your security systems. To start, give our Phishing Quiz a try. We can provide aggregate results for your organization, and provide you with insights including which departments are most susceptible, tactics your users are most susceptible to, etc, to help tailor your training plans. To get set up for this free assessment, contact your Intel Security Partner or Intel Security representative. If you don’t have a rep, you can also email phishingquiz@mcafee.com for help.
  1. Select the right security: Finally, keep your organization safe from phishing attempts with a quality security solution, especially when moving email infrastructure to cloud applications such as Office 365 or Hybrid Exchange.
Want to learn more about how to protect your organization against phishing attempts today and in the future? Check out our Art of Defense webinar here.

First published at Intel Security

No comments:

Post a Comment