News junkies make great targets

As Internet users become more attuned to well-known spamming and phishing attacks, cyber criminals have to invent new ways to lure them into opening a malware-laden email or clicking on a link that goes to a malicious website.

Unfortunately, the truth remains that individuals are a weak link in the battle against cyber criminals. Many continue to click on links or attachments sent via email without taking any steps to verify the origin of the email or the validity of the link or attachment. It only takes one click for an attacker to establish a foothold in the target’s systems.

The 2013 Verizon Data Breach Investigations Report finds that sending just three emails per phishing campaign gives the attacker a 50 per cent chance of getting one click. With six emails the success rate goes up to 80 per cent, and at 10 it is virtually guaranteed. Social media helps spur success, enabling cyber criminals to gather information about us so they know how to entice targets more effectively to click on that malicious email.

Most security professionals know that security as a people problem is not going away anytime soon, and the advent of the Internet of Everything is going to make this even more of a problem. Not only will users be able to inadvertently expose their systems to malware from their laptops and tablets, they will also be able to click on links from their smartwatches, kitchen appliances and cars, for example.

Once that malware is on their device, it won’t take long for it to proliferate across the entire network and any connected devices, all from a seemingly trusted news link sent from a “friend’s” email address.

To address this growing concern, security professionals need to move beyond securing devices and data to addressing the people and process aspects of this problem via education. Organisations must recognise this gap in their security and implement internal programs to ensure users know how to recognise potential malware and stop clicking on it.

They must also understand when and how to inform the organisation of any suspicious occurrences so future attempts can be minimised and/or blocked.

Raising awareness and offering simple suggestions such as hovering over a link without clicking to view the intended URL, or not opening attachments you didn’t request, can go a long way in the fight against cyber attacks.

Even with the best of education, malware will still make its way onto the network. Organisations need security solutions that couple visibility and control to help protect against these inevitable attacks.

You can’t protect what you can’t see. Organisations need comprehensive visibility, with the right context, into the devices, users, applications and systems that connect to their network day in and day out.

Security solutions that have contextual awareness can see and intelligently correlate extensive amounts of event data related to IT environments—applications, users, devices, operating systems, vulnerabilities, services, processes, network behaviors, files and threats. They can also correlate that local data with global intelligence for even greater insights.

This correlation provides the context needed to make more informed decisions. To turn those decisions into immediate action and protect organisations from today’s advanced threats, security solutions must give them the control to automatically and flexibly tune and enforce policies across the entire network.

Attackers are learning from each attack to increase their chances for success. As defenders, we need to do the same. Education is an essential component of any well-rounded security strategy. When combined with visibility and control, it can help minimise cyber attacks and protect our networks, even from the actions of well-intentioned news junkies.

Dean Frye is Technical Director, APJC at Sourcefire, now a part of Cisco.
