While most people are opening doors to cute ghouls in costume this season, you’re worried about the real specter of a cyber attack. For you, the ghost in the machine is an online attack, and that’s scary business.
One of the most frightening aspects of these attacks is that many come in the guise of help. Consider the threat of phishing, for example.
A popular phishing technique is to send a message that looks like it’s from a vendor asking for login information to deliver a product or service you can legitimately use. Spear phishing, a more sophisticated approach, gets even more personal by leveraging social media information to better target the attack. With pharming, attackers can capture your credentials via a fake website.
How to not fall for these scams? Treat your employees to regularly scheduled cybersecurity awareness sessions teaching them to beware of generic greetings and not to click on suspicious-looking links in emails or on websites. Legitimate companies won’t ask for personal data — neither will they expect you to click on a link within an email that takes you to a login page.
Whaling Exploits Betray Trust
One of the newer tricks you’ll face comes in the form of “whaling.” Hackers assume the identity of a CEO or other trusted authority and target an employee who manages money. The trusted employee reads an email that sounds like it’s coming from the boss, and follows instructions to wire money or send sensitive information.
Your defense? Arm your staff. Yes, executives need to take care, organizations need to include staff with access to accounts in security training. Establish protocols ensuring everyone knows how to report receipt of an urgent-sounding email asking for money. Train now to avoid paying later.
Evasive Malware Masters Art of Disguise
Perhaps the trickiest threats to detect are the new generation of evasive malware. These programs appear dormant when being run in a sandbox test environment, but rise from the dead when released out into the wild. Reports note 500+ malware evasion behaviors are being tracked by researchers right now.
How to catch these spooks in the act? Keep vandals at bay with your own bag of tricks starting with a platform of advanced security tools such as next-generation firewalls, secure email gateways, web application firewalls and endpoint security tools to protect against known threats. These need to be paired with two-factor authentication, patch management and VPNs to reduce threat vectors.
Add advanced threat detection technologies to automatically detect previously unknown threats and create actionable threat intelligence. In particular, new generation sandboxing solutions evaluate behaviors, not just signatures, to turn the unknown into the known; and automatically share actionable threat intelligence across integrated detection and prevention tools to improve incident response.
If you’d like even deeper, spine-chilling insight into your network activity and strength of your cybersecurity posture to ward off creepy threats, contact Xiologix for acomplimentary cyber threat assessment.