Category Archives: social engineering

The psychology behind phishing attacks

With 3.4 billion malicious emails sent every day, phishing poses a massive risk to organisations of all sizes.

However, the threat doesn’t just come from the volume of scams, but their idiosyncrasy. The measures you put in place to protect you from most cyber attacks – anti-malware, perimeter scans, vulnerability assessments, etc. – are inadequate when it comes to phishing, because fraudsters don’t exploit technological weaknesses.

They instead target employees using a tactic known as social engineering.

What is social engineering?

Social engineering is a collective term for the ways people are manipulated into performing certain actions.

In an information security context, it refers to the methods fraudsters use to get people to hand over sensitive information and expose themselves to malware.

Phishing is a classic example of social engineering, as the scams emulate legitimate organisations and attempt to trick people into complying with a request.

How do phishing scams manipulate us?

In some ways, it seems impossible that people could fall for phishing. Awareness is at a record high, popular targets like Amazon have dedicated phishing prevention pages and many bogus emails do a poor job of imitating their target.

Yet phishing is as successful as ever. Why? Because it taps into people’s fears to such an extent that they can’t spot the signs of bogus emails.

For example, many messages replicate services that possess sensitive information or are essential for the user’s quality of life. This explains the prevalence of phishing emails that relate to tax forms or entertainment services like Netflix.

A 2017 PhishMe survey found that fear was the most effective motivating factor for someone to click a link or open an attachment in a phishing email.

The organisation sent a series of benign phishing emails to respondents and found that the most successful scam spoofed a bar association that claimed that a grievance had been filed against the recipient. It tricked 44% of respondents.

A similar scam email imitating an accountancy firm that claimed a complaint had been filed against the recipient was successful 34% of the time.

Catching us off guard

Although people are always susceptible to phishing, cyber criminals increase their chances of success by sending scams at times when we are most vulnerable.

Phishing has a comparatively low success rate when the recipient is busy or thinking about something else when they receive the message. The sense of urgency is diminished on, say, Monday mornings, when employees have plenty of other urgent tasks.

When they come back to the email a few hours later, they are more likely to notice the things that seem suspicious. Or, if the message is imitating a colleague, they’ll see that person in the office, ask about their request and realise that it was a scam.

Criminals therefore try to send scams when people are most likely to take action right away, which means scheduling them for times when recipients are least likely to be busy. Fridays are sometimes considered the peak time for phishing, but you’re just as likely to fall victim during the middle of the week.

Whatever day it is, the consensus is that you’re most vulnerable during your lunch break and in the early afternoon. This is because most of us take a break from whatever task we were doing. We might use the time to check our emails, and the message may appear as we sit there with no other tasks at hand.

How vulnerable are your staff?

There’s a simple way to assess how big of a threat phishing poses to your organisation: send your employees a scam email.

This might sound reckless, but it’s perfectly safe. Our Simulated Phishing Attack service sends your employees a typical example of a phishing email without the malicious payload.

This gives you the opportunity to monitor how your employees respond. Do they click a link right away? Do they recognise that it’s a scam and delete it? Do they contact a senior colleague to warn them?

You can use the answers to guide your information security measures and to act as a reference point when it comes to staff awareness training.

A version of this blog was originally published on 23 November 2016.

The post The psychology behind phishing attacks appeared first on IT Governance Blog.

What are some of the worst enterprise security habits?

Enterprise security is a habit! Good habits take years to form – bad habits, on the other hand, take only seconds, and can bring down years of hard work in minutes. The same rule applies to enterprise security.

It’s just easier to put an easy password (or worse, no password) on an important function and leave it open to danger – or turn off the auto-updater of your security solution, consequently leading to disaster and danger.

Hence, here are ten of the worst enterprise security habits which organizations should get rid of immediately –

  1. Access to everything – Strangely, a lot of organizations, especially the legacy ones, allow everyone access to everything. This critical oversight leaves enterprise security seriously weak, so the organization is just one small slip-up away from a major disaster.
  2. No security policy – Most companies have policies for everything – HR policies, leave policies, dress policies, time policies, so it’s amusing that they don’t have something as intrinsic as a cybersecurity policy. Enterprises must keep a strong, updated cybersecurity policy with clear dos-and-don’ts about what measures need to be taken.
  3. Software update – The grim realization when the WannaCry ransomware attack hit the world and caused mayhem was that it could have easily been avoided. It exploited a security hole in Windows XP. Yes, that’s right – Windows XP, an operating system which is now almost two decades old and which Microsoft itself stopped supporting in 2014. In fact, it was found that 7% of PCs all across the world still use this outdated operating system. This example sums up the extreme danger of not updating the software a business uses.
  4. Underestimating social engineering – Many enterprises can slip into the notion that cybersecurity is purely a technological problem and that putting in place a strong cybersecurity solution can solve all problems. But that is not the case – social engineering is as big an issue as cybersecurity nowadays. The only way to solve this is to ensure that employees are as well-versed in cybersecurity issues as experts.
  5. Forgetting to patch software – It’s fine to keep a strong cybersecurity focus, but enterprises can invite great harm if they don’t patch their software. Even the most secure software can become outdated extremely fast and may be at risk of attack. Enterprises must be proactive in patching software at regular, timely intervals.
  6. Believing we won’t be attacked – SMBs and SOHOs usually assume that they won’t be prone to cyberattacks, as hackers will typically be interested in attacking larger corporations. But the truth is that smaller enterprises are at high risk of attack, as cyber criminals know that smaller businesses have weaker defences than relatively high-profile organizations.
  7. Not having a security response plan – This ties into the above point but is applicable for organizations at all scales. Complacency can often creep into enterprises which means that they believe that they are immune to cyberattacks. This means they won’t even have a security response plan which can be catastrophic at the worst possible time – when an attack hits.
  8. Not having cybersecurity drills – It’s okay to have a security response plan but is it updated? Has it practically ever been used? Mock drills can help showcase an enterprise’s preparedness to cyberattacks, while lack of these drills means that there might be chaos.
  9. Not investing in the right people – Cybersecurity hiring is increasingly becoming a specialized trend now, one which enterprises must wake up to. It’s important to have good skilled personnel to deal with the cybersecurity function and ensure that they keep on getting new certifications so they stay updated.
  10. No backup – Backup is integral to cybersecurity. Enterprises sometimes neglect backup, which puts them in a precarious situation whenever there is a cybersecurity attack. Don’t wait for that time – invest in good backup solutions and ensure that valuable data is backed up to prevent loss.

By getting rid of the above enterprise security habits and investing in a strong, secure cybersecurity solution (like Seqrite’s range of solutions), enterprises can go a long way in ensuring that their network security parameters are safe and secure.

The post What are some of the worst enterprise security habits? appeared first on Seqrite Blog.

Cyberattacks and the five key enterprise security challenges to improve on

Cyberattacks are the new norm right now. Just recently, the United States and Iran were in the middle of a heated skirmish where it is reported that the US had launched a cyber-attack against the country. In India, a cyber-attack caused mayhem and delayed many flights at Kolkata airport in April. This has apparently brought into focus the importance of cybersecurity in this day and age. Enterprises hence must stay committed and ensure they have their security systems in place.

A few major enterprise security challenges in recent times have been:

  1. Adopting a zero-trust approach

Organizations could consider adopting a ‘zero-trust’ approach to network security. Introduced by American market research giant Forrester Research, the zero-trust network model eliminates the concept of a perimeter and calls for enterprises to inspect all network traffic without any classifications of ‘inside’ and ‘outside.’ No user or traffic is considered ‘authorized’ and all access to a specific network is governed by the same set of rules. In short, there is ‘zero trust’ in this model – all traffic to the network is untrusted and must be validated before it is allowed entry.

  2. Filling the cybersecurity skill gap

Cybersecurity is one of the functions which is almost continuously fighting a talent gap. A Frost & Sullivan report observed that the global cybersecurity workforce will have more than 1.5 million unfulfilled positions by 2020. Enterprises must find a sustainable solution to fill this gap and address it by looking beyond degrees and investing in constant certification courses.

  3. Underestimating the importance of patches and updates

While enterprises have woken up to the danger of cybersecurity and are taking measures to invest in enterprise security solutions, one challenge that often arises is a lack of maintenance. In this case, cybersecurity maintenance means keeping security software, along with other essential programs, regularly updated and patched. However, enterprises often miss updates, making them extremely vulnerable. This is precisely the reason Seqrite Endpoint Security (EPS)’s Patch Management tool offers a centralized patch management strategy to remediate all application vulnerability patching needs.

  4. Ensuring compliance with regulations and norms

Thanks to the advent of GDPR in 2018, many businesses have woken up to the importance of data governance and compliance and taken some of the initial steps. But this has to be just the beginning. Data governance and compliance should not be done just because it has been mandated, because then businesses will just be ticking a box without really understanding the significance of what they are doing. Proper data governance and compliance policy benefit an organization in more ways than just making them compliant with the latest norms.

  5. Social engineering

An organization’s employees can be their biggest asset or liability. Unless they are also taken along the cybersecurity ride, it will be difficult for them to identify breaches, plug loopholes or not get taken in by phishing emails. For this, regular awareness and training are important.

Seqrite’s Unified Threat Management (UTM) provides a one-stop solution for many of the problems identified above. It acts as the first line of defense, providing IT security management, a safe working environment, high productivity and regulatory compliance in a cost-effective bundled solution.

The post Cyberattacks and the five key enterprise security challenges to improve on appeared first on Seqrite Blog.

How to Prevent Insider Data Breaches at your Business

Guest article by Dan Baker of SecureTeam

The majority of security systems are installed to try and forestall any external threats to a business’ network, but what about the security threats that are inside your organisation and your network?

Data breaches have the potential to expose a large amount of sensitive, private or confidential information that might be on your network. Insider threats are a significant threat to your business and are increasingly being seen as an issue that needs dealing with.

SecureTeam are experts in cybersecurity and provide a variety of cybersecurity consultation solutions to a range of businesses. They have used their extensive knowledge of internal network security to write this handy guide to help businesses protect themselves from insider data breaches.

Who is considered an Insider Threat?

Insider threats can come from a variety of different sources and can pose a risk to your business that you might not have considered.

Malicious Insider 
This is when an employee who might have legitimate access to your network has malicious intentions and uses that access to intentionally leak confidential data. Employees who intentionally provide access to the network to an external attacker are also included in this threat.

Accidental Insider
This is when an employee makes an honest mistake that could result in a data breach. Something as simple as opening a malicious link in an email or sending sensitive information to the wrong recipient is considered a data breach. The main cause of accidental insider data breaches is poor employee education around security and data protection, and they can be avoided by following good security practices.

Third Party
There is a data protection risk that arises when third-party contractors or consultants are provided with permission to access certain areas of the network. They could, intentionally or unintentionally, use their permission to access private information and potentially cause a data breach. Past employees who haven’t had their security access revoked could also access confidential information they are no longer entitled to and could be seen as a threat.

Social Engineers
Although this threat is technically external, a social engineer’s aim is to exploit employees by interacting with them and then attempting to manipulate them into providing access to the network or revealing sensitive information.

Data breaches from internal threats have the potential to cause the loss of sensitive or confidential information that can damage your business’ reputation and cost you a significant amount of money. There are some ways you can attempt to prevent insider data breaches, however. 

How to prevent Data Breaches

There are a few simple ways you can try to prevent an internal data breach, including:

Identify your Sensitive Data
The first step to securing your data is to identify and list all of the private information that you have stored in your network and take note of who in your organisation has access to it. By gathering all of this information you are able to secure it properly and create a data protection policy which will help keep your sensitive data secure.

Create a Data Protection Policy
A data protection policy should outline the guidelines regarding the handling of sensitive data, privacy and security to your employees. By explaining to your staff what they are expected to do when handling confidential information you reduce the risk of an accidental insider data breach.

Create a Culture of Accountability
Both employees and managers should be aware of and understand their responsibilities and the responsibilities of their team when it comes to the handling of sensitive information. By making your team aware of their responsibilities and the consequences of mistakes and negative behaviour you can create a culture of accountability. This also has the more positive effect of highlighting any issues that exist before they develop into full problems, which can then be dealt with through training or increased monitoring.

Utilise Strong Credentials & Access Control
By making use of stronger credentials, restricting logins to an onsite location and preventing concurrent logins you can make your network stronger and remove the risk of stolen credentials being used to access the network from an external location.

Review Accounts and Privileged Access
It is important that you regularly review your users’ privileges and account logins to ensure that any dormant accounts no longer have access to private information and that users don’t have unnecessary access to data. This helps to reduce the risks of both accidental and malicious insider data breaches.
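
The two controls above (on-site-only logins with no concurrent sessions, and a regular review for dormant accounts) can be checked against session records. The following is an added example, not part of the original article; the office network range, the 90-day dormancy threshold, the account names and the session records are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumptions for illustration only (not from the article).
ONSITE_NET = ip_network("10.20.0.0/16")      # assumed office address range
DORMANT_AFTER = timedelta(days=90)           # assumed dormancy threshold
NOW = datetime(2024, 6, 1, 12, 0)            # fixed "today" so results are repeatable
ACCOUNTS = {"alice", "bob", "carol", "dave"}  # constructed list of provisioned accounts

# Constructed session records: (user, source IP, login time, logout time).
RAW_SESSIONS = [
    ("alice", "10.20.4.17",   "2024-05-30 09:00", "2024-05-30 17:00"),
    ("alice", "10.20.9.3",    "2024-05-30 16:30", "2024-05-30 18:00"),  # overlaps the first
    ("bob",   "203.0.113.50", "2024-05-31 23:10", "2024-05-31 23:40"),  # not an office address
    ("carol", "10.20.1.8",    "2024-01-15 08:00", "2024-01-15 16:00"),  # last seen months ago
]

def parse(rows):
    fmt = "%Y-%m-%d %H:%M"
    return [(u, ip_address(ip), datetime.strptime(a, fmt), datetime.strptime(b, fmt))
            for u, ip, a, b in rows]

def offsite_logins(sessions):
    """Logins whose source address is outside the on-site range."""
    return [(u, str(ip)) for u, ip, _, _ in sessions if ip not in ONSITE_NET]

def concurrent_logins(sessions):
    """Users with at least two sessions that overlap in time."""
    by_user = defaultdict(list)
    for u, _, start, end in sessions:
        by_user[u].append((start, end))
    flagged = set()
    for u, spans in by_user.items():
        spans.sort()
        latest_end = spans[0][1]
        for start, end in spans[1:]:
            if start < latest_end:      # new session began before an earlier one ended
                flagged.add(u)
            latest_end = max(latest_end, end)
    return flagged

def dormant_accounts(accounts, sessions, now=NOW):
    """Provisioned accounts with no login inside the dormancy window (or none at all)."""
    last_seen = {}
    for u, _, start, _ in sessions:
        last_seen[u] = max(last_seen.get(u, start), start)
    return sorted(a for a in accounts
                  if a not in last_seen or now - last_seen[a] > DORMANT_AFTER)

def audit():
    sessions = parse(RAW_SESSIONS)
    return {"offsite": offsite_logins(sessions),
            "concurrent": concurrent_logins(sessions),
            "dormant": dormant_accounts(ACCOUNTS, sessions)}

if __name__ == "__main__":
    for finding, items in audit().items():
        print(finding, items)
```

Accounts flagged as dormant are candidates for having access revoked, which also covers the past-employee case described under Third Party.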

The threat of an insider data breach continues to be an issue for businesses throughout a range of sectors. However, putting a plan in place for these insider security threats improves the speed and effectiveness of your response to any potential issues that arise.

It is sensible to assume that most, if not all, businesses will come under attack eventually, and by taking the threat seriously and adhering to the best security practices you can help to prevent an attack turning into a full-blown data breach.

Beware! Email attachments can make you victim of spear phishing attacks

In the last few months, we’ve seen a sudden increase in Spear Phishing attacks. Spear phishing is a variation of a phishing scam wherein hackers send a targeted email to an individual which appears to be from a trusted source. In this type of attack, the attacker uses social engineering tricks and some…