Research shows that 91% of targeted attacks start with a spear-phishing email. For instance, the mega breach suffered by the state of South Carolina, in which hackers stole 3.6 million Social Security numbers and 387,000 credit and debit card numbers, started with a phishing attack around mid-August 2012. As per the South Carolina Department of Revenue's ‘Public Incident Response Report, November 20, 2012’, "A malicious (phishing) email was sent to multiple Department of Revenue employees. At least one Department of Revenue user clicked on the embedded link, unwittingly executed malware, and became compromised. The malware most likely stole the user’s username and password."
Today spear phishing is the most popular strategy employed by cybercriminals to steal critical personal and business information. The Cisco white paper “Email Attacks: This Time It’s Personal” clearly points out the reason for its popularity among criminals. According to Cisco, criminals make around $150,000 per spear phishing campaign, far more than the $14,000 per campaign earned from mass phishing.
Cyber experts have identified a new kind of enterprise spear phishing attack in which cybercriminals use the email IDs and phone numbers published on company websites to call unsuspecting victims, for instance accounting and finance department employees, and ask them whether they can receive an emailed invoice. When the employees open the email and click a link or download an attachment, it releases a variant of a remote access Trojan that steals passwords and launches DDoS attacks.
In such a scenario, products and services that address the "process and technology" aspects of security are not enough; what is required is an effective solution to address ‘people risk’. A best-of-breed diagnostic solution helps organizations evaluate the readiness of employees against phishing and social engineering attacks by running either a simulated phishing attack or a more targeted spear phishing attack. Some of its benefits are listed below.
• Helps understand user behavior and the effectiveness of the People controls across the enterprise.
• Helps organizations quantify the potential risks of social engineering.
• Provides flexible reporting capabilities with integration back into the organization's key performance indicator framework.
• Provides a road map for building security awareness and training within the organization.
• Identifies weaknesses within People, Process and Technology links, allowing prioritization of remediation efforts through effective benchmarking and maturity analysis.
• Generates a “Teaching Moment” that provides a safe, customized learning experience for users – resulting in increased employee awareness and knowledge that helps protect the sensitive information entrusted to them of everything a business does.
Thus, with diagnostic solutions, enterprises can increase employees' phishing awareness and significantly reduce the chance of losing sensitive data.