Are Your Cyber Security Measures “Doomed to Failure?” If Social Engineering Isn’t a Prime Concern, They Most Likely Are
Times are changing
When even antivirus software giants like Symantec publicly throw their hands in the air and declare antivirus “dead” and “doomed to failure,” as Brian Dye, Symantec’s senior vice president for information security, did in a Wall Street Journal article published last Tuesday, it is clear that tactics for securing data and other digital assets must finally evolve from ineffective passive resistance to aggressive vulnerability detection, backed by equally aggressive, coordinated response plans.
If you want to keep your eye on the ball, take a long, hard look at social engineering weaknesses
Network vulnerability testing is the first crucial cog in this necessary sea change in thinking, but many companies fall short by not paying enough attention to the human element. Robert Knudsen, Northeast Regional Manager for Global Digital Forensics (GDF) and an experienced CHFI (Computer Hacking Forensic Investigator), has been guiding clients across the constantly evolving cyber battlefield for years. To him it is a simple matter of common sense: “If you are going to scan your networks for vulnerabilities, why not scan your employees for vulnerabilities as well? After all, that’s where the most devastating and costly attacks predominantly find their first foothold into a network.” In other words, ignoring social engineering is pure folly for anyone concerned about data and digital asset security.
Spear phishers may be targeting fewer recipients per campaign, but their aim has never been better
Spear phishing is one of the most effective social engineering strategies hackers have at their disposal for targeting specific organizations and individuals in an effort to breach their network. Just one recipient opening a malware-laden attachment, or following a link to a bogus site convincing enough to make them enter their credentials, can open the door to a full-scale network breach. According to Symantec’s 2014 Internet Security Threat Report, the number of targets spear phishers went after per campaign in 2013 was down 76% compared to 2012, and the number of recipients per campaign was down 81%. But the number of campaigns launched was up 91%, and the average campaign ran for 8.2 days in 2013, up from 3 days in 2012, a 173% increase. These numbers show that spear phishers have refined their tactics considerably, and to great effect, by forgoing the carpet-bombing mentality in favor of precise surgical strikes. They are not doing it by chance; they are putting in the research, drawing on the many sources of publicly available information online, from social media sites to an organization’s own website. With an organization’s internal hierarchy, names and contact information at their disposal, spear phishers can craft emails so convincing that they are very hard to distinguish from the real thing. GDF puts a strong focus on social engineering during the penetration testing phase, going through the same effort real-world hackers do to craft convincing campaigns, and then helps the organization raise awareness enterprise-wide based on the results. To date, GDF has never failed to penetrate a client’s network, and the eye-opening results go a long way toward making the lessons learned stick.
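The paragraph above lists the ingredients of a spear-phishing lure: a sender who appears to belong to the organization, a link whose visible text is reassuring but whose target is a lookalike site, and an attachment that carries malware. The following is an added example, not GDF’s tooling and not code from the original article, of the triage checks a SOC analyst or a phishing-simulation review can automate over a captured message. The organization’s domain (example.com), both sample messages and the list of risky attachment extensions are constructed assumptions for the demo.

```python
"""Heuristic triage of a suspected spear-phishing email.

Added example; not GDF's tooling and not code from the original article.
Assumed for the demo: the organization's legitimate domain is example.com,
the sample messages are constructed, and RISKY_EXTENSIONS is a starting point.
"""
import difflib
import os
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

ORG_DOMAIN = "example.com"  # assumed legitimate domain of the target organization
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".lnk", ".iso", ".docm", ".xlsm"}


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Approximate the registrable domain as the last two labels (sso.example.com -> example.com)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def is_lookalike(host, org=ORG_DOMAIN):
    """True when host is not org but imitates it: org name embedded in another domain, or a typosquat."""
    rd = registered_domain(host)
    if rd == org:
        return False
    if org.split(".")[0] in host.lower():
        return True
    return difflib.SequenceMatcher(None, rd, org).ratio() >= 0.8


def triage(raw, org=ORG_DOMAIN):
    """Return a list of human-readable findings for a raw RFC 5322 message (empty list = nothing flagged)."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []

    # Sender domain that imitates the organization (e.g. a typosquat of its real domain).
    from_host = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2]
    if from_host and is_lookalike(from_host, org):
        findings.append(f"sender domain imitates {org}: {from_host}")

    # Reply-To pointing somewhere other than the apparent sender is a classic redirection trick.
    reply_host = parseaddr(str(msg.get("Reply-To", "")))[1].rpartition("@")[2]
    if reply_host and reply_host != from_host:
        findings.append(f"Reply-To domain differs from From: {reply_host}")

    # Links whose displayed URL and real target disagree, or whose target imitates the organization.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        extractor = LinkExtractor()
        extractor.feed(body.get_content())
        for href, text in extractor.links:
            href_host = urlparse(href).hostname or ""
            text_host = (urlparse(text).hostname or "") if text.startswith(("http://", "https://")) else ""
            if text_host and registered_domain(text_host) != registered_domain(href_host):
                findings.append(f"link text shows {text_host} but points to {href_host}")
            if href_host and is_lookalike(href_host, org):
                findings.append(f"link host imitates {org}: {href_host}")

    # Attachments with executable or macro-bearing extensions (double extensions included).
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if os.path.splitext(name)[1].lower() in RISKY_EXTENSIONS:
            findings.append(f"risky attachment type: {name}")
    return findings


def build_sample_message(spoofed=True):
    """Constructed demo message: a credential-phishing lure when spoofed, a clean internal mail otherwise."""
    sender_domain = "examp1e.com" if spoofed else ORG_DOMAIN
    link = "http://examp1e.com/sso/login" if spoofed else "https://sso.example.com/login"
    msg = EmailMessage()
    msg["From"] = f"Jane Doe <jane.doe@{sender_domain}>"
    msg["To"] = f"bob@{ORG_DOMAIN}"
    msg["Subject"] = "Urgent: wire approval needed today"
    if spoofed:
        msg["Reply-To"] = "accounts@mail-examp1e.net"
    msg.set_content("Bob, please approve the transfer before 5pm.")
    msg.add_alternative(
        f'<html><body><p>Bob, please approve the transfer at <a href="{link}">'
        "https://sso.example.com/login</a> before 5pm.</p></body></html>",
        subtype="html",
    )
    if spoofed:
        msg.add_attachment(b"MZ\x90\x00 not a real binary", maintype="application",
                           subtype="octet-stream", filename="Invoice_4471.pdf.exe")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in triage(build_sample_message()):
        print("FLAG:", finding)
```

Running the script flags five things on the constructed lure (typosquatted sender, divergent Reply-To, link text/target mismatch, lookalike link host, and a double-extension executable) and nothing on the clean variant. The registrable-domain approximation is deliberately crude; a production version would use a public-suffix list and feed the findings into an awareness program rather than blocking on them outright.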
Cyber survival today is also about how you respond when you get knocked down
It’s an undeniable fact: eventually, every organization gets hacked in some form or fashion, whether from the outside or from within. The organizations that weather the storm will be the ones with predetermined emergency response policies and procedures ready to go. Global Digital Forensics has experienced emergency response teams on call and strategically positioned across the country and the globe, able to respond quickly and effectively whenever an emergency strikes, day or night. For organizations that use GDF to perform professional vulnerability assessments and penetration testing, no-retainer Service Level Agreements (SLAs) are available, so expert responders are always waiting in the wings should an emergency materialize, without any cost if nothing happens. GDF can also help clients craft emergency response policies and procedures from scratch if none exist, bring existing plans up to date to meet today’s threats, and design an easily followed escalation matrix so that initial response efforts move like clockwork. It’s as close to a no-lose scenario as it gets for dealing with cyber emergencies, from identifying and stopping the attack to reporting procedures and the regulatory compliance issues that may apply in specific industries.
The right cyber security plan is cost effective and tailored to suit your unique needs
Global Digital Forensics is a recognized industry leader in the fields of cyber security and emergency incident response, with years of experience assisting clients in the government, banking, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a cost-effective plan which will meet your unique needs, without wasting resources on solutions you simply don’t need. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber incident has occurred, so don’t hesitate to get help. For more information, visit www.evestigate.com.