I have said it before, and I will say it again: the end user is the most significant threat to your company. Let’s take a look at some fun statistics:
- Wombat Security released its “2018 State of the Phish Report,” which reveals that 76% of organizations experienced phishing attacks in 2017.
- According to CSO, on average, cyber-attacks cost U.S. enterprises $1.3 million in 2017.
- Phishing Labs’ latest report states that phishing volume has grown by 33% across five targeted industries.
- Barkly states that 1 in 131 emails contains malware.
- Impersonation attacks are growing 50% quarter over quarter.
- 78% of people claim to be aware a link is risky, but they still click it!
- Social engineering accounts for 77% of all socially based attacks.
- Manual sharing accounts for 71% of attacks on social media.
- 60% of end users feel using public Wi-Fi is riskier than using a public bathroom.
Let’s highlight two recent attacks that have happened and are very preventable!
City of Atlanta
According to Barkly, the city of Atlanta was targeted by ‘SamSam’, which attacks servers exposed to the internet via brute-force attacks on RDP or other exploits. ‘SamSam’ has logged eight attacks in 2018, with the primary targets being healthcare and government organizations. The interesting thing about ‘SamSam’ is that it is NOT spread by emails or by an employee clicking a link; instead, the ransomware targets servers on the internet with weak or stolen credentials. The error is plain, and the question that needs to be asked is: why expose critical servers to the internet?
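The brute-force pattern described above leaves a recognizable trail in Windows Security logs: a burst of failed logons from one internet address, sometimes followed by a success. The following is an added example, not code from the original post; the one-line log layout, the function names `parse` and `rdp_bruteforce`, and the thresholds are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records, not real logs: time, Windows Security event ID,
# logon type, source address, account. 4625 = failed logon, 4624 = successful
# logon. Type 10 is RemoteInteractive (RDP); with NLA, RDP failures log as type 3.
SAMPLE = """\
2018-03-22T02:10:01 4625 3 203.0.113.50 administrator
2018-03-22T02:10:03 4625 3 203.0.113.50 administrator
2018-03-22T02:10:05 4625 3 203.0.113.50 admin
2018-03-22T02:10:08 4625 3 203.0.113.50 admin
2018-03-22T02:10:11 4625 3 203.0.113.50 backup
2018-03-22T02:10:14 4625 3 203.0.113.50 backup
2018-03-22T02:10:20 4624 10 203.0.113.50 backup
2018-03-22T08:01:00 4625 3 198.51.100.7 jsmith
2018-03-22T08:01:30 4624 10 198.51.100.7 jsmith
2018-03-22T09:00:00 4625 3 10.0.5.20 svc_scan
2018-03-22T09:00:01 4625 3 10.0.5.20 svc_scan
2018-03-22T09:00:02 4625 3 10.0.5.20 svc_scan
2018-03-22T09:00:03 4625 3 10.0.5.20 svc_scan
2018-03-22T09:00:04 4625 3 10.0.5.20 svc_scan
"""

# Assumption for this example: anything outside RFC 1918 space is "internet".
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RDP_LOGON_TYPES = {"3", "10"}

def parse(text):
    for line in text.splitlines():
        ts, event_id, logon_type, src, account = line.split()
        yield datetime.fromisoformat(ts), event_id, logon_type, ipaddress.ip_address(src), account

def rdp_bruteforce(text, threshold=5, window=timedelta(minutes=5)):
    """Map each internet source with >= threshold failed RDP logons inside
    `window` to its peak failure count and any accounts it then logged on as."""
    failures, findings = defaultdict(list), {}
    for ts, event_id, logon_type, src, account in sorted(parse(text), key=lambda r: r[0]):
        if logon_type not in RDP_LOGON_TYPES or any(src in net for net in INTERNAL):
            continue
        if event_id == "4625":
            failures[src] = [t for t in failures[src] if ts - t <= window] + [ts]
            if len(failures[src]) >= threshold:
                hit = findings.setdefault(str(src), {"failures": 0, "logged_on_as": []})
                hit["failures"] = max(hit["failures"], len(failures[src]))
        elif event_id == "4624" and str(src) in findings:
            findings[str(src)]["logged_on_as"].append(account)
    return findings
```

A source that appears with a non-empty `logged_on_as` list is the case to escalate first: the guessing stopped because a credential worked.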
Lord & Taylor, Saks Fifth Avenue Data Breach
According to the New York Times, Saks was targeted by a Russian group known as Fin7 or JokerStash. This breach resulted in 5 million records stolen. It is not clear how the records were obtained, but it is suspected to have been via phishing emails sent to employees. A phishing email is simple: a user gets a seemingly legitimate email that encourages them to click on a link. When a user falls for this tactic, the link installs software on the computer without the user’s knowledge, giving the hackers a backdoor into the systems. The question that needs to be asked is: how can we prevent phishing attacks?
The great thing about being a ‘Value Added Reseller’ (VAR) and consulting partner is that I can propose the best solution stack for my customers. Let’s take a look at some technologies that can help mitigate these attacks:
- Offload insecure web browsing by letting someone else assume the risk. Citrix Secure Browser Service is a simple way to offload unsafe browsing to an isolated, cloud-hosted, throw-away web browser session. Essentially, whitelist only the URLs that you want running on your network and offload the bad. This integration is clientless via HTML5.
- Exposing your servers to the internet is so 1990s; front-end them with a NetScaler leveraging Secure Web and Unified Gateway. Gain insight into the traffic while securing it. No more exposing RDP ports to the internet!
- Whitelisting should be top of mind, and Ivanti’s Endpoint Protection takes a user-centric approach to securing the endpoint. Prevent, detect, respond and remediate with one product stack, which includes Ivanti’s Application Control and Patch for Windows.
- Consider a next-generation antivirus solution such as Bitdefender’s GravityZone Ultra Suite and take prevention and remediation to the next level! Bitdefender has the first ‘Anti-ransomware Vaccine’, which works by exploiting flaws in ransomware and stopping the encryption process.
- Think beyond your network by considering a Secure Web Gateway like Zscaler so users cannot circumvent security controls and have to put ALL business-related web traffic through a central gateway securing ALL applications on and off premises.
I have heard it all, from “SaaS application X can never be hacked,” to “Why do I need to secure web sessions,” to “I cannot prevent users from clicking the wrong thing”. While these statements are true in a perfect world, the truth is, most hacks can be prevented. The question is: how seriously does your organization take it, and does it want to be a headline?