As
the Connect to connect summit started on 28th of July 2015, one of
the key things addressed was the cybersecurity. From an opening speech - The Ministry
of Communication, Science and Technology noted the issue of cyber threats being one
of the serious problems to any country if right measures to minimize the risk are not implemented.
Added
to that, I took part in a Workshop (Panel discussion) discussing the trends of
cybersecurity where we agreed that cyber threats have become a top concern for
today’s security, risk, finance, legal and technology leaders. With notable
data breaches leading evening newscasts and malicious e-mails zipping through
inboxes, the Internet is quickly becoming a combat zone. And the war rages on
not only between white hats and black hats, but also with outside parties, such
as government officials, who are paying increasing attention to the issue.
As
businesses prepare to fend off large-scale attacks, they often overlook the
lesser-publicized threats that don’t reach for news headlines as often. If left
unmonitored, these smaller threats can wreak just as much havoc on a company’s
bottom line and brand reputation as the large ones. Thankfully, the information
required to identify these risks and the tools to mitigate them often don’t even
need a third party to become involved.
Therefore,
politicians are not as likely to invest their time and rallying power into
these threats — but that doesn’t mean the long-lasting impact is any less
potent.
Phishing
E-Mails
According
to Verizon’s 2015 Data Breach Report, during the past two years, more than
two-thirds of all cyber espionage incidents involved phishing. In fact, a small
phishing campaign of only 10 emails is more than 90 percent likely to produce
at least one victim.
And,
while today’s Internet users may have become savvier in noticing blatant
phishing emails, today’s cybercriminals have also evolved. By tapping into some
of today’s most buzzed-about news stories, such as the 2014 Ebola outbreak or
the 2013 Target breach, scammers are able to more easily target unsuspecting
email users.
For
instance, lately, there has been an increase in fake e-mail activity around the
recent earthquake in Nepal. These scammers claim to be from reputable
charities. But, rather than donating to help the people of Nepal, users may be
sending donations to the hacker — or another group entirely.
Traditionally,
phishing emails were tied almost exclusively to phishing websites – fake sites
designed to fool users into giving up their account details and other personal
information. Recently, however, phishing emails are being used to infect users
with potentially devastating malware, from it acting as a traffic proxy to
distribution nodes for other malicious files.
Rogue
Mobile Apps
With
more than 1.4 million apps currently available in Google Play, it’s fairly easy
for a malicious application to masquerade as a familiar, legitimate one.
Often,
users hear about the “latest app” and run to download the first one that pops
up in their search, rather than looking very closely at it to ensure it’s
authentic. The app may look official and even feature the brand’s logo and
imagery. However, what they’ve just downloaded may actually be an app riddled
with malware. An additional level of risk is added by the plethora of
third-party app stores, many of which are run by the “bad guys” themselves.
The
pace of the app revolution has increased significantly in the last few years as
users tap into apps for everything from gaming and banking to tracking their
health. As users have flocked to mobile platforms, hackers have also become
more sophisticated in their techniques to design imposter apps to trap innocent
consumers. Take, for instance, the Virus Shield incident in which users paid $4
to download the app, which did absolutely nothing. Meanwhile, the developers
made almost $40,000 before Google caught the scam.
Sinister
Social Posts
Social
media is by far the fastest-growing domain for scammers. As brands invest in
these channels to stay relevant and engaged with their customers, scammers are
also taking advantage of users across social media. These platforms allow
scammers to sit back and watch as users become unwilling accomplices by sharing
malicious content with their own followers.
According
to Symantec’s latest Internet Security Report, 70 percent of social media scams
in the last year were manually shared by users. This speaks to the fact that
social users trust when they see a well-known brand posting on social media,
and they may not think twice about sharing posts.
Clickjacking
attacks.
In
today’s cybercrime-ridden world, attacks in progress or schemes that infect
systems with malware may grab the most headlines, but simple phishing, brand
abuse and identity theft continues to set the stage for larger-scale attacks.
The
breach of a sophisticated network can happen with the click of a mouse, but the
exploitation of that network does not happen overnight. And, luckily, many
companies are now investing in monitoring technologies and services to identify
and mitigate potential threats, both internal and external, no matter how
small. The forensic data developed from phishing attack investigations can
reveal just as much about potential hackers and criminals as those who are plotting
larger-scale incidents.
Whether
or not a business is willing to share its information with the government to
potentially help curb large data breaches, these smaller threats will remain a
serious threat. If left unchecked, something as simple as a phishing e-mail
could have long-lasting ramifications for the brand and its business. That is
why implementing a wider, more encompassing security strategy that might
include a holistic monitoring approach, could potentially help businesses.
By
taking the information they already have access to and then identifying risks
across multiple online domains, businesses will be able to safeguard companies
and citizens alike. And in the end, companies will be able to ensure a better
business model with proactive threat monitoring, a more solid brand reputation
and a safer consumer community.
No comments:
Post a Comment