According to news reports, a spear-phishing experiment conducted over the past few days has revealed some disturbing new risks for organizations using enterprise e-mail products and services: Most major enterprise e-mail products and services were unable to detect a fake LinkedIn invitation that looked like it was from Bill Gates inviting people to join his professional network. Once the ‘victim’ clicked on the ‘invite’ link, they were sent to the phishing site where information about the ‘victim’ was captured.
The article in Dark Reading detailed comments from the CEO of PacketFocus, including: “I tested the spoofed e-mail on six different enterprise networks using the latest e-mail security technology from most of the major vendors, and not a single one picked up on the spoofed e-mail.”
Why should this story be important to organizational leaders? Your people (employees, managers, board members, partners, service providers, etc.) could be the ‘victim’ if they are not aware of risks and threats that technology cannot prevent.
What can organizational leaders do to proactively prevent risks that cannot be stopped by technology? Because this is a social-engineering attack that exploits people’s lack of awareness, organizational leaders must implement faster, simpler and better tools to help ensure ongoing awareness at the individual level.
This experiment represents a ‘red flag’ for organizational leaders to take immediate action before the next phishing e-mail with a fake link leads to a real threat rather than an experiment.