Cyber Defense eMagazine November Edition for 2021

More documents

Recommendations

Info

It’s not that people aren’t smart enough to spot a scam when they see one. The problem is that today’s advanced phishing attacks are difficult to detect, given that they don’t contain the tell-tale signs that employees are told to look out for. When you then add in the fact that cybersecurity is rarely front of mind for all employees and that many are distracted by their overwhelming to-do lists, you can hardly expect on every employee to spot every malicious email that they receive – even with training. For example, in a previous report, we revealed that 45% of people had clicked on a phishing email at work because they were distracted. So how are these emails bypassing existing security solutions and which employees are most likely to be targeted? Who is being targeted? According to our data, an average employee receives 14 malicious emails a year and cybercriminals aren’t picky when it comes to company size, with our researchers finding that SMBs and enterprises are targeted in equal measures. However, employees in the retail industry were prime targets, with the average worker receiving 49 emails per year – making retail the most targeted industry during this time. People working in manufacturing received the second most at 31 emails per employee, per year. To put this into context, an employee in the retail industry would have to successfully identify up to 50 carefully crafted emails a year to avoid causing a serious security incident. That’s not so easy when the emails are crafted using sophisticated techniques to avoid detection. These include display name spoofing, whereby the attacker changes the sender’s name to someone the target recognises; domain impersonation whereby the attacker sets up an email address that looks like a legitimate one, and account takeover attacks where a bad actor poses as a legitimate customer or employee, gains control of an account and then makes unauthorised transactions. When are they being targeted? We’re often told that bad actors borrow best practice from marketers. If that’s the case, most phishing attacks would land in employees’ inboxes around 10AM on Wednesdays, but our research revealed a different story. The most malicious emails are delivered between 2PM and 6PM, with very little fluctuation day-to-day (except over the weekend). This isn’t an accident. Since employees are more likely to make mistakes when they’re stressed, tired, and distracted, the second half of the working day is likely a bad actor’s best bet. Cyber Defense eMagazine – November 2021 Edition 102 Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
Our report also suggests that employees need to keep an eye out key calendar events in the year, as cybercriminals jump on key trends or holidays as lures in their attacks. For example, last year, the most malicious emails were received on the days surrounding Black Friday, one of the busiest days for online shopping. How are they evading detection? Employees – and the traditional security defences in place to protect them – typically rely on a set of guidelines and rules to determine whether something is malicious. For instance, does the email have a suspicious attachment or link? Does the message contain certain words that signal a threat? Does the sender’s domain contain incorrect characters? Cybercriminals are aware of these rules - and they are doing everything they can to reverse engineer the rules and remove these tell-tale signs from their campaigns to evade detection. In our report, for example, 75% of the malicious emails we detected and analysed didn’t contain an attachment. Zero payload attacks, which don’t rely on a malicious payloads like attachments or links, were used instead – a technique whereby the attacker builds a rapport with victims over time and persuades them to action a request once trust is established. Zero payload attacks can be as devastating as malicious payload attacks, and traditional antivirus and anti-phishing software – which often rely solely on keyword detection and deny/allow lists – struggle to detect them every time. What’s more, our researchers also found examples of account takeover – a type of attack whereby a cybercriminal sends an email to their victim using a legitimate account that they hacked into previously. To all intents and purposes, the sender’s email looks like the real deal. There would be no reason to flag it as malicious – if you’re relying on rules to detect threats. To sophisticate cyber defence policies, then, business decision makers must ensure employees are trained and made aware of the types of threats they could be exposed to. The training must be delivered regularly, if they are to keep up to date with the evolving threat scape. But it’s unrealistic to expect your employees to spot every threat, every time. Regardless of training, employees are prone to mistakes and can be tricked. So, businesses must also consider how to bolster their defences to keep the bad guys out of the inbox. Rules are not enough. For advanced threats, you need advanced machine intelligent security solutions which can detect, and flag, potentially malicious emails based on people’s behaviours on email and alert employees before it’s too late. Cyber Defense eMagazine – November 2021 Edition 103 Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2:
The Top 3 Cyber Security Mistakes a
Page 3 and 4:
How To Effectively Secure Connected
Page 5 and 6:
@CYBERDEFENSEMAG CYBER DEFENSE eMAG
Page 7 and 8:
Cyber Defense eMagazine - November
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
Page 31 and 32:
Page 33 and 34:
Page 35 and 36:
2. Technology and System It is also
Page 37 and 38:
NetOps Enhances Security Growing nu
Page 39 and 40:
the businesses utilizing an indepen
Page 41 and 42:
Sensitive data exposure and the ser
Page 43 and 44:
You’ve Been Attacked by Ransomwar
Page 45 and 46:
● Stop the bleeding: Segregate th
Page 47 and 48:
Digital Transformation Security: Gu
Page 49 and 50:
When the partners and solutions hav
Page 51 and 52: Why The Integration of Netops And S
Page 53 and 54: organizations, where siloed operati
Page 55 and 56: How to protect yourself from cyber
Page 57 and 58: Five Cloud Telephony Security Vulne
Page 59 and 60: By encrypting all data end-to-end a
Page 61 and 62: The following signs may indicate a
Page 63 and 64: The 5 Most Common Cyber-Attacks on
Page 65 and 66: social engineering attacks by reduc
Page 67 and 68: throughout your everyday operations
Page 69 and 70: protect critical systems, applicati
Page 71 and 72: • Protect Data There are various
Page 73 and 74: Overcoming the Limitations of VPN,
Page 75 and 76: • VPN cannot limit access control
Page 77 and 78: About the Author Burjiz Pithawala i
Page 79 and 80: A Work in Progress The Advanced Tec
Page 81 and 82: SOAR Into More Integrated Cybersecu
Page 83 and 84: analyst requires more data to reall
Page 85 and 86: Critically, this survey found that
Page 87 and 88: About the Author Mike East is Vice
Page 89 and 90: complete security strategy should i
Page 91 and 92: Financial Institutions Leveraging C
Page 93 and 94: CIAM is an area that is increasingl
Page 95 and 96: (Image source: Statista) Attacking
Page 97 and 98: than actually going to the server.
Page 99 and 100: and have complete control over all
Page 101: What Do Spear Phishing Attacks Look
Page 105 and 106: Keeping Your Guard Up: Protecting A
Page 107 and 108: create significant security risks t
Page 109 and 110: Stop Phishing in its Tracks The Del
Page 111 and 112: Lateral Movement - The Key Element
Page 113 and 114: isolating endpoints, MDR analysts c
Page 115 and 116: When Does a Vulnerability Become a
Page 117 and 118: So, what if I change my query from:
Page 119 and 120: How To Bring Your Own Key to Hybrid
Page 121 and 122: Absence of sole control - is BYOK t
Page 123 and 124: On-premise versus virtual HSMs To b
Page 125 and 126: Protect Data with Deep Packet Inspe
Page 127 and 128: This type of Data Breach Prevention
Page 129 and 130: We buy more products...and we’re
Page 131 and 132: Access over Ownership Cybersecurity
Page 133 and 134: How To Do Disruptive Innovation Rig
Page 135 and 136: 3. Verify all patents, trademarks,
Page 137 and 138: Cyber Defense eMagazine - November
Page 149 and 150: CyberDefense.TV now has 200 hotseat
Page 151 and 152: Books by our Publisher: https://www
Page 153 and 154:
Page 155:
show all

Cyber Defense eMagazine November Edition for 2021

Create successful ePaper yourself

Delete template?

Save as template?