According to Verizon’s annual Data Breach Investigations Report, there were over 2,000 confirmed security incidents and data breaches in 2014. These data breaches have cost companies around the world around $400 million. The study found that most of the time, hackers were able to compromise victims within days. Unfortunately, the hacked companies did not immediately discover that their networks had been compromised. In Verizon’s analysis of the data, they found that half of the affected organizations discovered malware events during 35 or fewer days. Seventy to 90% of malware samples were unique to a single organization.
The DBIR showed that most of the security breaches of 2014 were caused by external threats. Many hackers used phishing scams to breach networks. Phishing scams in the past were usually conducted using grammatically incorrect emails sent from strange domains. Back then, it was easy for most people to spot an unofficial email that was asking for too much information, like passwords. Phishing scams in the past also targeted individuals rather than corporations. According to the study, 23% of recipients open emails sent by scammers, and 11% download attachments from phishing emails. Results also showed that 50% of users click on phishing links within the first hour.
The study also found that employees in certain departments are more likely to fall for phishing scams. Employees who work in Communications, Legal, and Customer Service departments are more likely to fall for phishing scams because their jobs involve receiving and responding to large amounts of emails. They open more emails than employees in other departments, which means that they are more likely to open a phishing email.
One way to prevent employees from falling for these phishing scams is by implementing a filter that targets phishing emails. However, some phishing emails still manage to leak through the filter. Another way to ensure that employees don’t fall for phishing scams is by educating them about endpoint security. Employees should know to only open emails from official and trusted sources. In addition, they should know how to discern if a source is trustworthy. Phishing emails often look official, which is how employees are tricked into opening attachments and downloading malware. Employees should know that clicking on shortened links (for example, bit.ly or ow.ly links) could redirect them to malware. Some scammers disguise malware links in long, official-looking URLs. Employees can avoid these disguised links by hovering over the long URL before clicking on it. Hovering over a link will show employees exactly where the link redirects to.
Along with educating employees about how they can stay safe from phishing scams, companies should also invest in a strong endpoint security system. The key to a successful technology solution is centralized security monitoring that unifies awareness across the whole IT infrastructure. EiQ SOCVue’s continuous security monitoring system allows companies to build an effective security program. SOCVue monitors threats and sends a summary of security incidents via email to CSOs. With Daily Security Snapshot emails, CSOs can know exactly how their critical security controls are functioning. As a part of the EiQ SOCVue service, certified security professionals provide around the clock incident detection and remediation guidance. With a third-party cyber security system in place, companies can keep their sensitive data safe from phishing attacks.