Cyber Attacks are on the rise and they are creating big problems and big expenses for organizations of all sizes and across most sectors. Organizations being hacked include some of the most recognized in their respective sector including the US Office of Personnel Management (OPM), the White House, Anthem, UCLA Health, JP Morgan, Target, Staples and a long list of others.

Question: Would you rather PREVENT cyber attackers from penetrating your organization or would you rather REACT to cyber attackers inside your organization?

Answer: PREVENT (by the way…everyone agrees preventing is better than reacting)

Yet, with all of the lessons learned from hundreds of cyberattacks…most organizations continue to play right into the hands of cyber attackers by adding more REACTIVE information security devices/software.

Connecting the dots… …with Preventing

Many organizations, including OPM (government), Anthem (healthcare), JP Morgan (financial) and others, have made significant investments in information security products such as intrusion detection and behavior detection as well as more traditional products like firewalls and end-point security devices. And while everyone agrees PREVENTION is a better approach, organizations keep spending more and more of their budget on products that REACT to threats already on your network rather than solutions that PREVENT them from accessing your network. Recently one of the most respected information security and cyber security firms – FireEye – shared some very unsettling news in their latest “M-Trends” report about the effectiveness of REACTING:

One of the key findings in this year’s report was that cyberattackers have free rein in a victim’s systems for a median of 205 days before being detected. While that represents a decline from the 229-day median in 2013, some breaches “can go undetected for years,” according to FireEye. One client the company dealt with in 2014 “had been breached for over eight years unknowingly.”

http://www.cio-today.com/article/index.php?story_id=020000OU7HGG

Connecting the dots… …with Preventing

Lessons learned from recent attacks on US federal agencies show phishing and spear phishing are how cyberattacks are accessing your network:

A tenacious team of Chinese hackers targeted several large federal agencies in June with a new spear phishing campaign that uses an undiscovered flaw in Adobe Flash Player.

Like most spear phishing campaigns, this effort singled out specific agency employees with innocuous-sounding email messages that contained a URL to a server hosting ScanBox JavaScript. That code would identify a user’s vulnerable software and then download a malicious Adobe file that opened a backdoor into a target’s network.

http://fcw.com/articles/2015/07/13/fed-phishing.aspx?s=fcwdaily_140715

Connecting the dots… …with Preventing

Lessons learned from IBM’s Managed Security Services Report (April 2015) on the Dyre Wolf trojan as a big problem for banks around the world and the report shows Step 1 for the cyberattackers is spear phishing:

The Dyre/Dyreza trojan started out as a seemingly simple RAT (Remote Access trojan) project around mid-2014. It has since evolved rapidly and aggressively, shape-shifting in both its technical make-up and crime methodologies. At the time of writing this report, Dyre is a full-blown banking trojan that is keeping security professionals guessing, and its victims in remediation mode.

STEP 1: THE SPEAR PHISHING

An employee within the targeted organization receives an email that explains the attached invoice is for their review. It’s important to note that this does not have to be emailed directly to their company email. It could also come to their personal account that they happen to check at work.

Inside the email is an attached zip file. This file is typically named “invoice*”, “Fax*” or “doc*” with a random number generated behind it.

https://portal.sec.ibm.com/mss/html/en_US/support_resources/pdf/dyre_wolf_4-2-2015.html

Connecting the dots… …with Preventing

Lessons learned from Kaspersky’s recent report on Carbanak malware reveals the cyberattackers depend on spear phishing:

A hacker group made off with as much as $1 billion from 100 banks in 30 countries by distributing a remote backdoor via spear phishing emails to bank employees.

http://www.scmagazine.com/attackers-used-phishing-scheme-to-distribute-malware-in-banks/article/398428/

Connecting the dots… …with Preventing

Did you notice how all of these “sophisticated attacks” started?

They all started with PHISHING / SPEAR PHISHING emails targeting employees.

Connecting the dots… …with Preventing

Cyber Attackers know your weakest link(s) – YOUR PEOPLE (employees, service providers, contractors, customers, etc.)…so YOUR PEOPLE are the ones that can PREVENT BREACHES.

If your organization has access to:

• Sensitive Information
• Customer Information
• Patient Information
• Medical Records
• Personally Identifiable Information

Connecting the dots… …with Preventing

Your organization can and should be taking immediate actions to ensure YOUR PEOPLE have:

• Email AWARENESS – How to identify Phishing / Spear Phishing Emails
• Ongoing AWARENESS – Keeping employees updated on new/changing attacks
• Incident Reporting AWARENESS – How, Why and Where to report suspicious emails
• Situational AWARENESS – What actions to take in different situations
• Organizational AWARENESS – What your organization will ask for / not ask for via emails
• Policy AWARENESS – What are your organization’s policies and procedures
• Regulatory AWARENESS – What regulations must your organization’s employees follow
• Prevention AWARENESS – How to help your organization prevent incidents/attacks
• And more…

However, evidence reveals Awareness alone is not enough (knowledge is not power).

Action is the real measure of intelligence and YOUR PEOPLE’S actions are the key.

Lessons learned clearly show how taking the right actions can make all the difference and requires:

• Your organization has the right tools to get the right awareness to YOUR PEOPLE (employees, service providers, contractors, customers, etc.) in the right places at the right time and on an ongoing basis as cyber attackers change their tactics
• YOUR PEOPLE have the right tools to report phishing/spear phishing attacks so details get to the right people in the right places at the right time so they can take the right actions to block web links to malicious websites and/or block or strip malicious documents so YOUR PEOPLE cannot access the malicious website / documents

Prevention is a better option…

Are YOUR PEOPLE (and your organization) Aware and Equipped to Prevent?

Take action now…click here to become aware of proven PREVENTION tools for YOUR PEOPLE.