One Article Review
| Source |  AlienVault Blog |
|---|---|
| Identifiant | 1033923 |
| Date de publication | 2019-02-20 14:00:00 (vue: 2019-02-20 16:00:42) |
| Titre | Securing People |
| Texte |
Cyber security has three pillars of people, process, and technology. Enterprises have historically had a skewed focus towards the technology aspect of cyber security - installing another endpoint agent, or deploying another network monitoring device designed to seek out anomalys behaviour.
While all these things are well and good, when you look at user awareness plans, and most companies have a once-a-year activity where they go over a few points and hope people remain educated.
And as far as processes go … well, it’s unclear how much of a conscious effort is put into developing robust processes for cyber security, particularly in small and medium businesses.
If we take an unscientific look at some of the trends over the last couple of years, we can see that attacks coming from non-state adversaries has been changing some of its tactics. It is no longer possible for most attackers to waltz in through the virtual front door of organizations and access their data. Which is why many attackers focus on different areas.
Three of the most commonly spotted areas are as follows:
.jpg)
Employees
Going after employees is a tried and tested method. Be that dropping USB drives marked “HR bonus list” in the car park, or sending targeted phishing emails, these attacks have proven to stand the test of time.
Phishing emails have been used in many ransomware infections, as well as Business Email Compromise (BEC) rely on duping users within a company.
At the beginning of 2019 it was reported that the Indian unit of an Italian firm was targeted and managed to swindle $18.6m. This trend shows no signs of slowing down as Business email compromise (BEC) fraud attacks soared 58% in the UK during 2018, possibly affecting as many as half a million SMEs, according to Lloyds Bank data.
Customers
Employees aren’t the only ones targeted by criminals. Customers of companies are also fair game in the eyes of hackers.
Phishing attacks are a common avenue, with scammers masquerading as popular brands such as Apple or Amazon, threatening behaviour such as law enforcement or the tax office, or even pulling at emotions such as love and greed.
In fact a Netflix phishing scam was so bad, even the FTC issued a statement warning customers about it.
|
| Envoyé | Oui |
| Condensat | $18 “hr 2013 2018 2019 3rd able about access accessible according accounts across activity adversaries affecting after against agent all also amazon anomalys another any apple approach are areas aren’t asking aspect associated attachment attachments attack attackers attacks avenue avoiding awareness bad bank be: bec becoming been beginning behaviour bonus both brands breach breaches broke business businesses but can captured car chain challenging changing clicking coming common commonly companies company compromise conducted conscious consider consistent continually could couple credential credentials criminals customers cyber dangers data deploying designed developing device different directly disclosed door down drives dropping duping during easier educated effort eliminate email emails emotions employees endpoint enforcement enterprises epidemics establish even existence exploit extend eyes fact fair fallen far finally firm fledged focus follows: forums forward fraud from front ftc full game getting going good greed hackers had half has have help historically hole hope how hvac important importantly incident increase indeed indian infamous infections information installing isn’t issued issues it’s italian its just last law link links list” lloyds localbitcoins log longer look love managed managers many marked masquerading may medium method methods million mole monitoring more most move much navigate need netflix network new non not office once one ones only onto opening organizations other out over park particularly parties partners party password passwords people perhaps phishing pillars plans plug points popular popularity possible possibly practices proactively process processes proven provide pulling put raise ransomware recent recommendations redirect relationship rely remain report reported reporting reuse reused risen risks robust scam scammer scammers securing security see seek sending sensitive services should shows signs simple site sites skewed slowing small smes soared some spotted stand state statement stop stuffing such supply suspicious swindle systems tactics take target targeted tax technology test tested these things third those threatening three through time too tools towards training trend trends tried try unclear unit unscientific usb use used user users victim virtual waltz warning way website well whack when where which who whom why within would year years |
| Tags | Ransomware Guideline |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.