The rate of success has increased, and these attacks have become more difficult to detect. According to Symantec, the average number of spear phishing attacks spiked to 42 per day in January 2016 from 33 just the previous December (proportionally rising to 1 in every 1,004 emails). Like phishing, these emails tend to be accompanied by an attachment, and the numbers show 46% were .doc files (up from 26% in December vs. January). Additionally, the most frequently targeted organizations are those with 1-250 and 2500+ employees, with 35% and 32% of the cases respectively (by industry, finance, insurance and real estate lead the pack at 29%, followed by manufacturing at 21%, then wholesale at 12%).
Good practices and safety extend beyond corporate compliance in an organization. Cyber-safe practices must be carried through to your personal and social forums by limiting what you post specifically about yourself and the organizations you work for. Remember that what you post online can be shared and go viral, particularly on the dark web. Organizations can help build awareness by providing relevant security training (perhaps based on employee behavioral analysis), rewarding good behavior instead of punishing bad behavior, soliciting help from and collaborating with marketing and sales teams, and, of course, routine penetration testing.
For a good overview of social engineering red flags, check out KnowBe4's pictorial example.