If you follow cybersecurity news, you’ve been seeing DMARC come up a lot recently, with reports that DHS will be looking at federal agency use of DMARC, vendors lagging on implementing DMARC, and calls for organizations to finally stamp out fake emails. But what is DMARC, and how does it differ from SPF and DKIM? What protection does DMARC offer?
Phishing attacks are proving to be more and more effective in recent months, and a frightening new trend has emerged that uses a highly useful and trusted piece of software as a method of infiltration. Google Documents, or “Google Docs,” is heavily used in small businesses due to its flexibility and cloud-based storage; however, it is frequently being used to trick employees all over the world into infecting their machines with a range of malware and credential stealers. Google Documents has been a very handy tool for several years now, allowing multiple people to work on one project at the same time while keeping track of editing. It’s an incredibly powerful tool.
Phishing attacks, a topic EiQ has previously discussed, remain one of the chief causes of data breaches. Even small businesses find themselves on the receiving end of these scam emails, which are designed to trick readers into taking actions that compromise their cybersecurity. Spearphishing and whaling accomplish the same ends with even more devious and targeted tactics. Here's how they work, and how you can protect yourself and your business.
As the second quarter of 2016 continues, it is increasingly clear that SMEs are faced with an urgent need to secure their IT systems. The year isn't even halfway through and already organizations have seen sophisticated cyber attacks that outstrip those faced in the past. Combating such threats means IT personnel must be sufficiently knowledgeable and qualified, but often companies do not have the resources necessary to hire enough in-house IT staff. Given this challenge, many firms are turning to managed security services to improve their cyber defenses.
The threat landscape is constantly becoming more sophisticated. That means any cybersecurity strategy not up to date with security tools and research will leave an organization open to attacks. According to a 2016 IBM report, only 17% of the participating organizations are fully “cybersecured”—which means 83% are inadequately defended.
To be prepared, companies need to implement cybersecurity strategies that address today's threats. The following three examples of emerging attacks show why all but the most well-guarded companies' current cybersecurity strategies need an update.
Employees are the lifeblood of an organization, and if they neglect good cybersecurity practices, the company's overall cyber defenses are weakened. Here are three common cybersecurity mistakes employees make—and the best ways to address them.
1. Falling for Phishing
Phishing may be a common scam, but employees are still falling for it. Between late 2013 and August 2015, the FBI found that more than 7,000 U.S. companies were victimized by business email scams—with total losses exceeding $740 million. A single well-written phishing email can confuse employees into clicking a fraudulent link that installs malware on company machines, or can trick accountants into wiring money into false bank accounts purportedly owned by company executives traveling overseas.
Scammers were able to steal $1.2 billion from businesses worldwide over the past two years using a phishing scam, the FBI revealed. In America, around 7,000 businesses were the victims of the Business Email Compromise (BEC) scam.
According to Verizon’s annual Data Breach Investigations Report, there were over 2,000 confirmed security incidents and data breaches in 2014. These data breaches have cost companies worldwide around $400 million. The study found that most of the time, hackers were able to compromise victims within days. Unfortunately, the hacked companies did not immediately discover that their networks had been compromised. In Verizon’s analysis of the data, they found that half of the affected organizations discovered malware events during 35 or fewer days. Seventy to 90% of malware samples were unique to a single organization.