(Editor's note: In this guest essay, Trevor Hawthorn, Chief Technology Officer, at security training vendor ThreatSim, discusses why phishing remains at the root of many forms of cyberattacks.)
As we mark the 10th annual National Cyber Security Awareness, the most common -- and effective -- cyberattack method is spear phishing.
Some 92 percent of targeted attacks in 2012 started with spear phishing, according to research by Trend Micro.
Attackers can simply e-mail a targeted victim and entice him or her to click on a malicious link.
Phishing is a simple and consistently successful attack vector despite billions of dollars invested into technologies designed to defend against well-engineered attacks.
READ MORE: In Antarctic lake, extreme conditions lead to extreme genetics
After 20 years of technology R&D and the birth of a booming cyber security industry,
users still represent a major security weakness.
users still represent a major security weakness.
Untrained users are in a position to escort the attackers around your expensive security technology every time they click a link or open an email attachment without any hesitation.
The simplest solution is to train people to identify and avoid phishing messages, thus creating a "human firewall." Even small changes can have a dramatic impact.
READ MORE: LA schools halt iPad program in light of student “hacks”
Better training prepares the user to think twice when presented with a suspicious e-mail. Just getting them to pause and think can lead to a dramatic decrease in compromises.
The mantra espoused and championed by National Cyber Security Awareness Month needs to be communicated more than once a year.
Awareness is achieved through continuous activity to inform and remind recipients of a message. Security awareness programs need to be designed like a good advertising campaign that delivers the right message, to the right person, at the right time.
Properly trained, users can act as the eyes and ears in the trenches and report suspicious activity, blunt a phishing attack, and become valuable sensors in the fight against cyber crime.
Courtesy: USAtoday
0 comments:
Post a Comment