In our data-driven world, most organisations are at least partially dependent on a measure of electronic storage and networking. Perhaps out of experience, large organisations are generally aware of the need for effective cyber security frameworks including firewalls, access and awareness training, and anti-malware systems. Educational institutions, however, tend to be somewhat behind the curve when it comes to tightly securing their data-verse. Recently, ethical hackers testing the computer security of university networks discovered that they were able to breach networks in less than 2 hours by using spear-phishing attacks to gain access to sensitive information. Well over 50 universities across the UK were part of the test and, in almost every case, testers were able to acquire domain-level administrator access, which is used to control systems, and gain complete unauthorised access to system information.
Phishing has been in the news lately, not only because it was the intrusion technique allegedly used by Russian hackers to access U.S. voter registrations, but also because it is becoming more prevalent, especially in the UK. You only have to look at the recent NHS "WannaCry" and the latest "PetrWrap" ransomware incidents, both starting with curious staff opening phishing emails, to understand the risks.
If the answer to any of these questions is ‘no’, then you are not alone. Employees remain the weakest link in the battle against cybercrime and are criminals' number one target.
A new British Chambers of Commerce (BCC) survey of over 1,200 companies (96% SMEs) reveals that one in five UK firms suffered cyber-criminal attacks over the last year.
Despite the very real threat this poses to businesses, the majority (63%) rely on IT providers to resolve any issues.
Most of us would like to think we are cyber aware and know better than to respond to a phishing email from our bank, asking us for account details, passwords and other personal details. But what happens in your organisation if the email and links appear to come from a trusted sender, or a known person in authority?
A sophisticated phishing attack is trying to obtain confidential corporate information by sending spoofed emails claiming to be from the Securities and Exchange Commission.
These attacks are targeting lawyers, compliance managers and company officials who file documents with the SEC. Given it's coming up to quarter end, raising awareness now is very important.