The changing face of crime…cyber criminals are ramping up their game and you need to know how to identify the attack!
There are many ways people can be tricked into allowing or introducing malicious programming into their systems. It’s not enough today to just up-date-antivirus software. We are all responsible for Information Security! Frontline users are often the first line of defense. Your awareness can help stop these attempts from getting in the front door.
Let’s talk about the top 5.
1. Phishing emails
These are e-mails or messages that we receive with the intent to steal user data, including login credentials and credit card numbers. They are typically designed with generic content. The phisher will send out thousands of these messages in hopes that someone will not be paying enough attention and click on the link. Keep your eyes open for these non-descript enticing e-mails and don’t fall for the bait!
2. Spear phishing emails
Similar to phishing e-mails or messages, spear phishing is a much more targeted approach. The attacker will glean information from a social platform and target you with a message that seems to be more personal. These are generally disguised as coming from an acquaintance. The reason is so you feel more comfortable “clicking that link...” An example would be that you announce you are going to Las Angles next weekend on your Twitter feed and you receive a message suggesting a particular restaurant and there is a link to their menu another could appear to come from your boss, asking you to release funds for a specific reasons. When in doubt, ask the source via phone, video conference, or in person. You don’t want to be at the pointy end of this scam!
3. Flash Drives
Something we take for granted too often. Flash drives are an easy convenient way to store and move data around. We simply plug it in and most often it auto executes programs to show us what it on the drive. What we often forget is that it is a perfect little vector for malicious software. Unless you are 100% sure you know the source of the drive do not plug it in.
4. Out of date / unpatched systems
This one is little harder for the end user to control. Someone will need to take the lead role in making sure that your system is current. Operating systems that are no longer supported and unpatched are the most vulnerable. Priority must be given to removing and replacing these systems as soon as possible. End users should report any out of date systems they discover.
5. Ransomed ware / Denial of service
A form of malware that when introduced to your system will encrypt your data. Like its name the, the attacker will then require that you pay a fee to them to restore your data. Ransom ware can find its way into your system through phishing messages, flash drives or compromised websites.
Tips to keep the attackers out!
Last but not least…SLOW DOWN! We all get caught up in getting things done quickly. Our new world prides itself on the amount of output we can provide. This is exactly what the hackers are banking on. So slow down and look at what you are opening and ask yourself about the legitimacy of that link or attachment.
ISG Grizzly Shield Security Services
We take an easy three step approach to helping organizations Secure their AWS environment:
Pinpoint – Understand the level of maturity your security program has achieved and the possible gaps that may be present.
Jump Start – Develop Project plan/Roadmap for initiatives required to bring your Organization to the point where 24 X 7 monitoring can be leveraged, and data consumed by an MSP or internal staff or a combination of the two.
Monitoring, Training, and Ongoing Management – 24 X 7 monitoring and alerting based on defined SLAs.