Thursday, 16 April 2015
Report: Workers Last Line of Defence for Phishing Schemes
A surprising research report from Verizon paints a grim picture regarding phishing schemes and corporate computers. According to the report, workers are the last line of defence for phishing schemes, yet they fail at a rate of 25%. Leading report author Bob Rudis believes proper training can reduce that number to 5%.
Verizon's research suggests that it takes a mere 82 seconds for a new phishing scheme to capture its first victim. The numbers come from an analysis of nearly 80,000 security events among thousands of companies. Furthermore, a 25% success rate among scheme perpetrators means they are fooling 25 out of every 100 employees into opening scam e-mails. Once an e-mail is opened, perpetrators have all sorts of access to computer data and keystrokes.
The largest companies that employ tens of thousands of people essentially have an incredibly large security hole looming within their walls. Rudis says the key to closing that security hole is training workers in how to spot phishing e-mails before they are clicked through. It is not enough for companies to rely on the IT services and security departments to catch every security threat before any of them make it to the individual worker's inbox.
Rudis went on to say that the time difference between ensnaring victims and companies recognising they have been victimised is substantial. Verizon's research data suggested that at least half of the phishing victims had clicked on the offending e-mails within one hour of receipt; it could take a company days or weeks to detect compromised systems. In that time, the damage that perpetrators could do is unthinkable.
In the age of globalisation and cloud computing, it is naïve for a company to operate under the assumption that bad things only happen to the competition, yet far too many companies conduct daily business this way. They also assume that their workers have the knowledge and experience to recognise phishing scams easily at first sight; however, Verizon's research clearly demonstrates this is not so.
Perpetrators are becoming increasingly sophisticated in the methods they use to gain access to corporate and personal computers; therefore, management and security experts can no longer assume the average worker is capable of spotting potentially unsafe e-mails. Workers have to be trained in the tell-tale signs of phishing scams in order to change their thinking. Something as simple as using the mouse to roll over links prior to clicking can go a long way toward thwarting the attempts of cybercriminals.
Rudis says that better training of employees can, and should, be coupled with security departments continuing to develop hardware and software solutions. All three together can drastically reduce the ongoing threat of phishing scams. That said, phishing attempts will not cease as long as there are cybercriminals around to perpetrate them. The digital age brings with it the ever-persistent threat of cybercrime, a threat that will continue to evolve along with the state of internet and networking technology.
Source: BBC – http://www.bbc.com/news/technology-32285433