Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Monday, 6 February, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Go Phish: Protecting your enterprise from the weakest link

by The Gurus
March 22, 2017
in This Week's Gurus
phishing password
Share on FacebookShare on Twitter

According to a recent report by PhishMe, 91% of cyber attacks begin with a phishing email. The attack method remains one of the most successful available to hackers as it exploits the inherent weakness of individual users. Since the advent of networked computers, human error has almost always been at the heart of failings in cyber security, and despite increasing attempts to improve user awareness and security training, individuals continue to fall foul. With the average security breach still taking close to 150 days to detect, businesses can no longer afford to leave their security in the hands of an outdated cyber security trust model which means all cyber defences are moot if a phishing email is clicked. If approaches to cybersecurity don’t change soon, phishing season will be never ending.

What is phishing?
Ever more convincing imitations of websites such as LinkedIn, eBay, PayPal and Google, and increasingly sophisticated emails have fooled users into allowing hackers past cyber defences. One recent attack mimicked a Gmail login page to near perfection. PayPal users were also targeted with a highly convincing email notifying them of a problem with their account.
It’s incredibly effective. According to Verizon, 30% of phishing emails are opened. With reasons cited including fear, curiosity and a sense of urgency – all playing on basic human emotions.
The method is also surprisingly simple: once an employee is duped into clicking on a link in an email that looks like a legitimate offer from a business he or she frequents, the user’s device either becomes infected with malware or the user is prompted to enter their access credentials.
Once in possession of log-in credentials for the enterprise system, the attacker masquerades as the user and enters the interior network and systems and the breach begins.
Users will fail
Organisations may spend time training staff to spot suspicious emails, but it is almost impossible to guarantee they won’t click on a phishing link. Indeed, phishing attacks are on the rise – according to SC Magazine, there was a 250% surge in phishing attacks in Q1 of 2016. The only way to combat phishing, therefore, is to make the assumption that users will keep acting as they do, and click the link. As such, businesses must be ready.
There is no other choice but to embrace the notion that any user might already be compromised. In fact, a ‘trusted’ user accessing your systems right now may be an attacker that has entered your network as a result of a phishing attempt. This is the motivation to adopt the Zero Trust security model. Old security models assume your LAN or internal networks are ‘trusted’ because they are protected by a firewalled perimeter.
However, Zero Trust does away with the notion of implicit trust. Instead, it is assumed that any user or device on the network could be compromised. Given that, how do you protect your valuable digital assets? Deploying Zero Trust means recognising that traditional perimeter and infrastructure-based security cannot stop an attacker in the guise of a trusted user.
So how can a business go about implementing Zero Trust? A key tool in the Zero Trust arsenal is enforcing role-based access control across all users. This limits an attacker’s ability to move laterally through the enterprise systems once they have gained access via a compromised user. Another technique is to deploy end-to-end encryption of data communications flows, even on internal networks and in environments that traditionally would be considered to be trusted.
It is inevitable that hackers will continue to uncover new attack vectors, develop increasingly more sophisticated breach methods and work their way into networks. It is also a certainty that any security model which assumes network perimeters can be defended, will fail. Finally, given that users will continue to remain the weakest link in a business’ security model, it is only by changing the way that security architecture is viewed, that positive advances in cyber security will be achieved.
By Dan Panesar, VP EMEA, Certes Networks

FacebookTweetLinkedIn
Tags: Cybere-mail scamPhishingsecurityTechnology
ShareTweetShare
Previous Post

New Vulnerability Revealed in WhatsApp and Telegram, Allowed Hackers to Gain Complete Control Over User Accounts

Next Post

Embedded security a high priority for IoT designers

Recent News

safe

Will Emphasising App Security Lead to More App Installs?

February 6, 2023
Phone with app store open

$400,000 Fine for Stalkerware App Developer

February 6, 2023
london-skyline-canary-wharf

Ransomware attack halts London trading

February 3, 2023
Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk

Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk

February 2, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information