The Enabling Technologies Blog


Chris Stegh / Categories: Phish Hunter, Security, Cloud Security

Phishing Facts: Do not be a Statistic (Infographic)

See our recorded Security Do's and don'ts webinar here

 

How does good cyber security operate?

Strategically, cybersecurity should focus on protecting the identity, the device, and the data, and on how to protect, detect, and respond to the inevitable breach. It’s not about the four walls of the organization and its data center security. Considering the mobility and extensibility of the user and the organization, a strategy that protects the user accounts and their devices is key, with a shift toward protecting what ultimately matters, the organization’s data. That’s all well and good as a strategy, but, as recent history from the Equifax breach has shown, it’s also about even more fundamental practices, like patching servers to close known vulnerabilities. Enabling’s security assessments cover online and on-premises best practices to shore up immediate gaps.

What are the costs of a cybersecurity attack?

$15M on average, according to Microsoft, but this is thrown off by the supersized breaches at the likes of Target, Anthem, and Equifax. Still, in middle America, the losses are adding up. The amount of *reported* loss from business email compromise alone between 10/13 – 12/16 was $5.3B, per the Internet Crime Complaint Center. These come as four- through six-digit losses, but all are due to phishing and impersonation attacks. Enabling’s PhishHunter solution can mitigate and remediate such risks.

Can companies predict cyber crime rather than simply respond to it?

Predicting the unpredictable is nearly impossible, although a Whitepaper on our website will provide some tips on how to approach this panacea. The more realistic approach is to use tools like Phish Hunter and Azure Security Center to detect the inevitable breach and contain it ASAP. While these tools may not keep the skilled and well-funded attacker out, they will detect the attacker’s presence and allow rapid remediation. Without these tools, attackers spend an average of 140 days inside before they’re detected. That’s plenty of time for them to find and mine the crown jewels.

I'm a smaller organization, do we really have to worry about hackers?

The front-page headlines are just click bait. The losses in everyday organizations are piling up. Who’d have thought university students would be the focus of attackers? Yet they’re being phished, their credentials are used to log into course registration systems and cancel classes, and their refunds are funneled to attackers. Organizations that don’t move money electronically are less susceptible to phishing and financial threats but may be used as bots in DDoS attacks or for malware command and control, as was the State of Louisiana, whose server was used to infect victims of the SEC phishing scheme.

What is the best way to train for cybersecurity?

Admins need to know that they absolutely hold the keys to the kingdom and must protect their identity as such. As the recent Deloitte breach has shown, employing Multifactor Authentication for elevated global/domain admin accounts is so fundamental that administrators should refuse to log in without a second factor. End users need to know that 90% of breaches begin with a phish and that protecting their identity and device is more important to the organization than they know. Unfortunately, they feel it’s all IT’s issue, so a pinch of “What’s in it for Me” has to be added to the end-user awareness program. Mainly, this comes in the form of “don’t let it happen to you” and “the practices that we’re teaching you at work are valid for your personal online behavior as well.” No one wants their personal identity stolen, so why should their work identity be any different? Enabling not only offers Multifactor Authentication solutions from Microsoft and third parties, but also provides end-user awareness videos, training, and phishing tests.

How do I learn more about cybersecurity?

SANS and NIST offer frameworks that employ the most universal best practices, and there are innumerable sources aside from going for a CISSP certification. Attend our upcoming webinar on April 5th: Register Here! For news and threat trends, subscribe to Enabling’s blog and SCmagazine.com.
 

 

 
