IAM

Fish, phish, spear phishing…not catch and release!

May 22, 2018

According to research, 91% of cyberattacks, and the data breaches that follow them, begin with spear phishing. And who has been identified as the weak link in IT security that enabled those breaches? The research pinpoints you: one of the company's end users.

Spear phishing is a targeted attack against a specific group, such as the employees of one company, that uses social engineering to convince those employees to take an action that gives the attacker access to proprietary data or company systems. The message typically appears to come from a recognizable authority within the company and asks for information such as user IDs and passwords, or directs the recipient to a look-alike login page that captures them.

A successful spear phishing attack means that your brand, and the trust your customers place in it, can be destroyed if news of the data breach reaches the public. When that happens, according to research, 60% of your customers will think about moving their business and 30% will actually do so.

A few years back, The Wall Street Journal carried a story about a former New York State CIO who used fake phishing emails to test the awareness of some 10,000 New York State employees. What he found was that even after training, about 15% of the phished recipients accessed the fake URL and tried to enter their passwords. Yes, even after training. You may say to yourself that it is so obvious that no one should hand over that kind of information. And yet the evidence of firms losing money shows that phishing works. Put simply, some people will inevitably click on links in phishing emails.

So, what do you do when you’ve been hooked by a spear phisher? 
As a general rule of thumb, the affected users' passwords need to be changed whether or not there is evidence of a serious breach, because you will never be 100% sure that the victims were not completely compromised. An attacker who now holds the keys to the data can open the doors at any time, and probably not when you expect them to be opened. Note that changing the password only stops future logins with the stolen credential; any session, ticket or token the attacker has already obtained stays valid until it expires or is revoked, so those should be revoked at the same time.
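The password-change step above, as an added example written for this post and not code from ILANTUS or its product: a PowerShell script that takes a list of phished on-premises Active Directory accounts, immediately resets each password to a random value so the credential the attacker captured stops working, and flags the account so the user must choose a new password at next logon. It assumes a domain-joined host with the RSAT ActiveDirectory module, an operator with password-reset rights, and a CSV with a SamAccountName column; the script name, file names and parameter names are all assumptions.

```powershell
<#
  Added example (not ILANTUS code): bulk password reset for accounts named in a
  phishing-incident list. Assumptions: RSAT ActiveDirectory module available,
  caller may reset passwords on the listed accounts, CSV has a SamAccountName column.
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [Parameter(Mandatory = $true)]
    [string]$UserListPath,                                   # CSV of affected accounts
    [string]$LogPath = ".\phish-reset-$(Get-Date -Format yyyyMMdd-HHmmss).csv"
)

Import-Module ActiveDirectory -ErrorAction Stop

# Random throwaway password: 24 CSPRNG bytes as base64 (32 chars, mixed case,
# digits and symbols). The user replaces it at next logon, so it is never shared.
function New-ThrowawayPassword {
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = New-Object byte[] 24
    $rng.GetBytes($bytes)
    ConvertTo-SecureString -String ([Convert]::ToBase64String($bytes)) -AsPlainText -Force
}

$results = foreach ($row in Import-Csv -Path $UserListPath) {
    $sam = ([string]$row.SamAccountName).Trim()
    if (-not $sam) { continue }                              # skip blank rows

    try {
        # -Identity avoids building an LDAP filter from untrusted CSV text
        $user = Get-ADUser -Identity $sam -Properties Enabled -ErrorAction Stop
    } catch {
        [pscustomobject]@{ SamAccountName = $sam; Status = 'NotFound'; Detail = $_.Exception.Message }
        continue
    }

    if (-not $PSCmdlet.ShouldProcess($sam, 'Reset password and require change at next logon')) {
        [pscustomobject]@{ SamAccountName = $sam; Status = 'Skipped'; Detail = 'WhatIf or declined' }
        continue
    }

    try {
        # 1. Invalidate the captured password right now, not at next logon.
        Set-ADAccountPassword -Identity $user -Reset -NewPassword (New-ThrowawayPassword) -ErrorAction Stop
        # 2. Force the user to pick a new password they alone know.
        Set-ADUser -Identity $user -ChangePasswordAtLogon $true -ErrorAction Stop
        [pscustomobject]@{ SamAccountName = $sam; Status = 'Reset'; Detail = "Enabled=$($user.Enabled)" }
    } catch {
        [pscustomobject]@{ SamAccountName = $sam; Status = 'Failed'; Detail = $_.Exception.Message }
    }
}

# Record what happened per account for the incident file, then summarise.
$results | Export-Csv -Path $LogPath -NoTypeInformation
$results | Group-Object Status | Select-Object Name, Count
```

Run it first with -WhatIf (for example `.\Reset-PhishedUsers.ps1 -UserListPath .\phished-users.csv -WhatIf`) to confirm every account in the list resolves before anything is changed. The reset does not invalidate Kerberos tickets or cloud refresh tokens already issued to the attacker; those need to be revoked separately (in Entra ID, for instance, with the Microsoft Graph cmdlet Revoke-MgUserSignInSession), which is the caveat noted above.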

So how do you keep your business safe?
For most emergencies there are protocols. What is the protocol in this emergency? The protocol is a proactive one. Invest in a password management system, and make sure it includes multifactor authentication. MFA is the most basic way to stop an attacker who holds a stolen password from logging in with it, because the password alone is no longer enough. And for those inevitable "clickers," a true enterprise system lets the company quickly notify end users as soon as an attack is suspected, including users who may be unaware that they compromised the company or too embarrassed to report the misstep.

ILANTUS offers a password management tool with multi-factor authentication that lets administrators immediately send a message to the entire Active Directory user base with a URL through which each user can change their password right away. The beauty of this product is that it is self-service: all users can change their passwords in a small amount of time, unlike users who are forced to go through a Service Desk. Recently we heard about a company breach that sent 1,000 users to their Service Desk. Those password changes took time, backed up the Service Desk, kept end users from continuing their work, and ended up costing the company a lot of money per service ticket.

If you think your organization is safe from a phishing attack because you have not been targeted yet, think again. Protect the company with a true enterprise password management solution.