<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Experts&#039; Talk Archives - 3Cyber-Sec</title>
	<atom:link href="https://3cyber-sec.com/category/experts-talk/feed/" rel="self" type="application/rss+xml" />
	<link>https://3cyber-sec.com/category/experts-talk/</link>
	<description>Cyber Security</description>
	<lastBuildDate>Wed, 04 May 2022 14:33:16 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=6.9.4</generator>

<image>
	<url>https://3cyber-sec.com/wp-content/uploads/2021/05/cropped-profile_custom-32x32.png</url>
	<title>Experts&#039; Talk Archives - 3Cyber-Sec</title>
	<link>https://3cyber-sec.com/category/experts-talk/</link>
	<width>32</width>
	<height>32</height>
</image> 
	<item>
		<title>What are the most common human errors that allow hackers to penetrate your company&#8217;s system?</title>
		<link>https://3cyber-sec.com/2022/04/15/what-are-the-most-common-human-errors-that-allow-hackers-to-penetrate-your-companys-system/</link>
					<comments>https://3cyber-sec.com/2022/04/15/what-are-the-most-common-human-errors-that-allow-hackers-to-penetrate-your-companys-system/#respond</comments>
		
		<dc:creator><![CDATA[Venelin]]></dc:creator>
		<pubDate>Fri, 15 Apr 2022 14:20:19 +0000</pubDate>
				<category><![CDATA[Experts' Talk]]></category>
		<guid isPermaLink="false">https://3cyber-sec.com/?p=1364</guid>

					<description><![CDATA[<p>Many cyber attacks and data breaches that have happened in the past were possible due to human error. The Hacker News cites the IBM Cyber Security Intelligence Index Report that states that in 95% of breaches, human error was a significant factor. And that makes a lot of sense when you think about it. You [&#8230;]</p>
<p>The post <a href="https://3cyber-sec.com/2022/04/15/what-are-the-most-common-human-errors-that-allow-hackers-to-penetrate-your-companys-system/">What are the most common human errors that allow hackers to penetrate your company&#8217;s system?</a> appeared first on <a href="https://3cyber-sec.com">3Cyber-Sec</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p><span style="font-weight: 400;">Many cyber attacks and data breaches that have happened in the past were possible due to human error. The Hacker News cites the IBM Cyber Security Intelligence Index Report that states that in 95% of breaches, human error was a significant factor. And that makes a lot of sense when you think about it. You can have the most sophisticated cybersecurity strategy. Still, it won&#8217;t be effective if it is not implemented correctly and the organization&#8217;s staff members don&#8217;t follow it. </span></p>
<h2><span style="font-weight: 400;">Which are the most common mistakes people make that lead to data breaches or hacking?</span></h2>
<p><span style="font-weight: 400;">Ordinary staff members and even people from the top management of a company can fall victim to a scam that leads to a breach of its systems. Every case is unique in itself. However, there are some common mistakes that people make, which cost them a lot. </span></p>
<h3><b>Weak password management</b></h3>
<p><span style="font-weight: 400;">Unfortunately, this is something very common. A lot of people don’t take the time to create strong passwords and change them frequently. How they store them is another potential vulnerability. Here are some tips on how you can improve this: </span></p>
<ul>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">Create strong and complicated passwords that you change at least once every six months; passphrases are a good option;</span></li>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">Don’t use the same password for two or more accounts; </span></li>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">Research and use reliable and secure password management software; </span></li>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">Don’t let your browser save your passwords automatically; </span></li>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">Enable two-factor authentication and additional security questions wherever possible.</span></li>
</ul>
<p><span style="font-weight: 400;">Every company should provide guidelines to its employees on how to create and store their passwords and secret codes. It is good if employees follow those rules for their personal accounts as well &#8211; social media, private email, etc. </span></p>
<h3><b>Inability to detect phishing emails and messages</b></h3>
<p><span style="font-weight: 400;">This is another big issue regarding staff members. In many organisations people lack the knowledge needed to spot more sophisticated phishing emails. Here are some universal ways to do that: </span></p>
<ul>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">Check the domain the email comes from. Attackers imitating mobile operators or financial institutions often copy the organisation’s standard email template or even its website. Compare the sender’s domain name to the real one; often there is a very small difference that you can notice; </span></li>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">No legitimate institution or organisation where you have a registration, account, or subscription will ask you to enter your account or credit/debit card details in an email. This is a huge red flag; </span></li>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">If someone on social media sends you a link with no description or with a weird-looking one, message them back and ask specifically what the link is and where it will take you when you click on it; </span></li>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">You can never be too careful &#8211; if you have any doubts about a certain email or message, consult the security officer in your organisation. It might be a false alarm, but it is better to be safe than sorry. </span></li>
</ul>
<p><img decoding="async" class="alignnone size-full wp-image-1367" src="https://3cyber-sec.com/wp-content/uploads/2022/04/3Cyber-Sec-Social-Blog-Image-1200-x-630-26.png" alt="" width="1200" height="630" srcset="https://3cyber-sec.com/wp-content/uploads/2022/04/3Cyber-Sec-Social-Blog-Image-1200-x-630-26.png 1200w, https://3cyber-sec.com/wp-content/uploads/2022/04/3Cyber-Sec-Social-Blog-Image-1200-x-630-26-980x515.png 980w, https://3cyber-sec.com/wp-content/uploads/2022/04/3Cyber-Sec-Social-Blog-Image-1200-x-630-26-480x252.png 480w" sizes="(min-width: 0px) and (max-width: 480px) 480px, (min-width: 481px) and (max-width: 980px) 980px, (min-width: 981px) 1200px, 100vw" /></p>
<h3><b>Failing to update devices with much-needed software upgrades</b></h3>
<p><span style="font-weight: 400;">This is also a classic case. Vendors regularly issue patches or software updates that fix vulnerabilities in older versions of their software, and they usually tell all users to update their devices to the latest version to eliminate the chance of a security breach. However, not everyone listens. </span></p>
<p><span style="font-weight: 400;">A while back we told you about the </span><a href="https://3cyber-sec.com/2021/11/01/the-big-leak-of-vpn-account-passwords/"><span style="font-weight: 400;">big leak of VPN Account Passwords From 87,000 Fortinet FortiGate Devices</span></a><span style="font-weight: 400;">. It was possible because many users failed to update their devices: although the bug was fixed in May 2019, it remained one of the most exploited vulnerabilities in 2020 as well. </span></p>
<p><span style="font-weight: 400;">That suggests that a lot of the clients of Fortinet may not have followed the instructions to upgrade their devices and that left them vulnerable. And this is not a standalone case. Such negligence can bring a lot of trouble. </span></p>
<h2><span style="font-weight: 400;">What can be done to prevent all of this? </span></h2>
<p><span style="font-weight: 400;">Nobody is perfect. People are going to make mistakes. It is inevitable. However, there are several ways you can help your employees acquire the skills and knowledge needed to minimize such errors and contribute to the cybersecurity of the whole organisation: </span></p>
<ul>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">Invest in </span><a href="https://3cyber-sec.com/staff-awareness/"><span style="font-weight: 400;">staff awareness training</span></a><span style="font-weight: 400;"> &#8211; make sure that the people who work for you are familiar with information security threats, can identify them, and handle them accordingly. Like everything else, this works best when the solution is tailor-made for the needs of the specific company;</span></li>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">Raise awareness about cybersecurity &#8211; get people involved and help them understand that cybersecurity is as important to your company as all other everyday activities and business operations; </span></li>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">Provide resources and guidelines &#8211; the average person is not a cybersecurity expert and doesn’t have to be. However, you can help them by providing simple guidelines they can follow and giving them useful resources that won’t make following the security recommendations a burden. </span></li>
</ul>
<p><span style="font-weight: 400;">There is no magic pill that can make human errors go away. What you can do is invest in staff training and make cybersecurity a strategic priority for your company and staff. If you need help with that, just </span><a href="https://3cyber-sec.com/contact-us/"><span style="font-weight: 400;">give us a call</span></a><span style="font-weight: 400;">. Our </span><a href="https://3cyber-sec.com/our-team/"><span style="font-weight: 400;">expert team</span></a><span style="font-weight: 400;"> will be happy to help!</span></p>
]]></content:encoded>
					
					<wfw:commentRss>https://3cyber-sec.com/2022/04/15/what-are-the-most-common-human-errors-that-allow-hackers-to-penetrate-your-companys-system/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Cybersecurity in the financial and payment industry &#8211; a talk with Todor Kunev</title>
		<link>https://3cyber-sec.com/2021/12/22/cybersecurity-in-the-financial-and-payment-industry/</link>
					<comments>https://3cyber-sec.com/2021/12/22/cybersecurity-in-the-financial-and-payment-industry/#respond</comments>
		
		<dc:creator><![CDATA[Venelin]]></dc:creator>
		<pubDate>Wed, 22 Dec 2021 09:25:34 +0000</pubDate>
				<category><![CDATA[Experts' Talk]]></category>
		<guid isPermaLink="false">https://3cyber-sec.com/?p=1324</guid>

					<description><![CDATA[<p>We take a closer look at cybersecurity in the financial and payment industry. What are the most common attacks, measures, and standards?</p>
<p>The post <a href="https://3cyber-sec.com/2021/12/22/cybersecurity-in-the-financial-and-payment-industry/">Cybersecurity in the financial and payment industry &#8211; a talk with Todor Kunev</a> appeared first on <a href="https://3cyber-sec.com">3Cyber-Sec</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p><span style="font-weight: 400;">In our series “Expert Talks” we are discussing important cybersecurity issues with industry experts. Today, the focus is on the financial and payment industry, and we are sitting down with Todor Kunev to explore the topic of cybersecurity for all organisations that operate in those fields. </span></p>
<p><span style="font-weight: 400;">Todor is a cybersecurity leader with significant experience and an enviable reputation. Over his professional career, he has developed cyber security control frameworks to serve the needs of heavily regulated leading Banking, Insurance, and Commercial entities.</span></p>
<h2><span style="font-weight: 400;">What are the cybersecurity risks in the financial and payment industry?</span></h2>
<p><span style="font-weight: 400;">The financial industry, in general, is very broad and includes several large areas that differ from each other: </span></p>
<ul>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">payment industry; </span></li>
<li style="font-weight: 400;" aria-level="1"><a href="https://3cyber-sec.com/2021/09/15/ensuring-insurance-companies-cybersecurity/"><span style="font-weight: 400;">insurance industry; </span></a></li>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">banking;</span></li>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">finance. </span></li>
</ul>
<p><span style="font-weight: 400;">In recent years fintech has become another big field to add to the list above. The organisations that operate in these highly regulated sectors store valuable information about their clients, such as: </span></p>
<ul>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">personal data;</span></li>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">financial data; </span></li>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">health records (for insurance companies). </span></li>
</ul>
<p><img loading="lazy" decoding="async" class="alignnone size-full wp-image-1326" src="https://3cyber-sec.com/wp-content/uploads/2022/01/3Cyber-Sec-Social-Blog-Image-1200-x-630-15.png" alt="" width="1200" height="630" srcset="https://3cyber-sec.com/wp-content/uploads/2022/01/3Cyber-Sec-Social-Blog-Image-1200-x-630-15.png 1200w, https://3cyber-sec.com/wp-content/uploads/2022/01/3Cyber-Sec-Social-Blog-Image-1200-x-630-15-980x515.png 980w, https://3cyber-sec.com/wp-content/uploads/2022/01/3Cyber-Sec-Social-Blog-Image-1200-x-630-15-480x252.png 480w" sizes="auto, (min-width: 0px) and (max-width: 480px) 480px, (min-width: 481px) and (max-width: 980px) 980px, (min-width: 981px) 1200px, 100vw" /></p>
<p><span style="font-weight: 400;">In recent years cyber attacks in the financial sector have gone through the roof. For example, securitymagazine.com cites a </span><a href="https://newsroom.trendmicro.com/2021-09-14-Attacks-Surge-in-1H-2021-as-Trend-Micro-Blocks-41-Billion-Cyber-Threats"><span style="font-weight: 400;">report</span></a><span style="font-weight: 400;"> from Trend Micro on ransomware. According to it, the banking industry alone saw a 1,318% increase in ransomware attacks. However, this is not the only threat out there. </span></p>
<p><i><span style="font-weight: 400;">“Since the beginning of 2021, there have been some major cyber-attacks on financial institutions. Only in January, there were some attempts to target big names in the financial and payments industry like PayPal, American Express, and The Reserve Bank of New Zealand.</span></i> <i><span style="font-weight: 400;">From my experience, the 5 biggest cyber threats for the financial industry are: </span></i></p>
<ul>
<li style="font-weight: 400;" aria-level="1"><i><span style="font-weight: 400;">Malware;</span></i></li>
<li style="font-weight: 400;" aria-level="1"><i><span style="font-weight: 400;">Ransomware;</span></i></li>
<li style="font-weight: 400;" aria-level="1"><i><span style="font-weight: 400;">Cyber attacks through 3rd party vendors;</span></i></li>
<li style="font-weight: 400;" aria-level="1"><i><span style="font-weight: 400;">DDoS attacks;</span></i></li>
<li style="font-weight: 400;" aria-level="1"><i><span style="font-weight: 400;">In-house threats. </span></i></li>
</ul>
<p><i><span style="font-weight: 400;">The financial industry is very attractive to hackers. And this will not change any time soon.”, </span></i><span style="font-weight: 400;">said Todor Kunev. </span></p>
<h2><span style="font-weight: 400;">Regulations and compliance in the financial and payment industry</span></h2>
<p><span style="font-weight: 400;">In any case, the financial sector has many regulations and compliance standards. Some are specific to particular industries. In the USA, for example, insurance companies fall under different acts, such as: </span></p>
<ul>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">Health Insurance Portability and Accountability Act (HIPAA) – for healthcare data; </span></li>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">Gramm–Leach–Bliley Act (GLBA) – for financial data;</span></li>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">Sarbanes–Oxley Act (SOX) – for financial data.</span></li>
</ul>
<p><i><span style="font-weight: 400;">“Some regulations are valid for specific places where financial organisations operate. Others are valid for all and are mandatory. Such are </span></i><a href="https://3cyber-sec.com/pci-dss-compliance/"><i><span style="font-weight: 400;">PCI DSS</span></i></a><i><span style="font-weight: 400;"> for all businesses that handle card transactions, and the </span></i><a href="https://3cyber-sec.com/swift-security-program/"><i><span style="font-weight: 400;">SWIFT CSP</span></i></a><i><span style="font-weight: 400;"> &#8211; for financial institutions that are SWIFT members. On the other hand, there is </span></i><a href="https://3cyber-sec.com/iso-27001-certification/"><i><span style="font-weight: 400;">ISO 27001</span></i></a><i><span style="font-weight: 400;">. It is not mandatory, but it is widely adopted.”</span></i><span style="font-weight: 400;">, Mr Kunev added. </span></p>
<p><span style="font-weight: 400;">It is important to note that failure to maintain compliance and cover the needed cybersecurity measures can result in heavy fines and reputational damages. </span></p>
<p><img loading="lazy" decoding="async" class="alignnone size-full wp-image-1325" src="https://3cyber-sec.com/wp-content/uploads/2022/01/3Cyber-Sec-Social-Blog-Image-1200-x-630-14.png" alt="" width="1200" height="630" srcset="https://3cyber-sec.com/wp-content/uploads/2022/01/3Cyber-Sec-Social-Blog-Image-1200-x-630-14.png 1200w, https://3cyber-sec.com/wp-content/uploads/2022/01/3Cyber-Sec-Social-Blog-Image-1200-x-630-14-980x515.png 980w, https://3cyber-sec.com/wp-content/uploads/2022/01/3Cyber-Sec-Social-Blog-Image-1200-x-630-14-480x252.png 480w" sizes="auto, (min-width: 0px) and (max-width: 480px) 480px, (min-width: 481px) and (max-width: 980px) 980px, (min-width: 981px) 1200px, 100vw" /></p>
<h2><span style="font-weight: 400;">What lies behind the abbreviations? </span></h2>
<p><span style="font-weight: 400;">Every one of the widely adopted standards helps financial institutions. Payment Card Industry Data Security Standard (PCI DSS), SWIFT CSP, and ISO/IEC 27001 can be considered the three pillars of cybersecurity compliance and certification for financial institutions. They will help in several areas including, but not limited to:</span></p>
<p><span style="font-weight: 400;">PCI DSS:</span></p>
<ul>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">Build and maintain a secure network;</span></li>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">Protect cardholder data;</span></li>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">Maintain a vulnerability management program;</span></li>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">Implement strong access control measures;</span></li>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">Regularly monitor and test networks.</span></li>
</ul>
<p><span style="font-weight: 400;">SWIFT CSP:</span></p>
<ul>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">Restrict internet access and protect critical systems;</span></li>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">Manage vulnerabilities;</span></li>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">Physically secure the environment;</span></li>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">Prevent compromise of credentials;</span></li>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">Manage identities and segregate privileges;</span></li>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">Detect anomalous activity;</span></li>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">Plan for incident response.</span></li>
</ul>
<p><span style="font-weight: 400;">ISO/IEC 27001:</span></p>
<ul>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">Establish the context, scope and objectives;</span></li>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">Establish a management framework;</span></li>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">Conduct a risk assessment;</span></li>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">Implement controls to mitigate risks;</span></li>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">Conduct an internal audit;</span></li>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">Measure, monitor, and review;</span></li>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">Conduct training.</span></li>
</ul>
<p><i><span style="font-weight: 400;">“Cybersecurity threats change and evolve. And so must change the approach that organisations in the financial and payment industry have in addressing those threats. Maintaining compliance is great and much needed. However, it is only the base for establishing their 360-degree cyber defense”</span></i><span style="font-weight: 400;">, outlined Todor Kunev.</span></p>
<p><span style="font-weight: 400;">The financial and payment sector is getting more attractive to new players like the many startup companies with innovative solutions. Security comes before everything else. If you don’t invest in it, you are going to pay the price for that. </span></p>
]]></content:encoded>
					
					<wfw:commentRss>https://3cyber-sec.com/2021/12/22/cybersecurity-in-the-financial-and-payment-industry/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Experts&#8217; talk: Cybersecurity in the Maritime industry</title>
		<link>https://3cyber-sec.com/2021/11/01/maritime-industry/</link>
					<comments>https://3cyber-sec.com/2021/11/01/maritime-industry/#respond</comments>
		
		<dc:creator><![CDATA[Venelin]]></dc:creator>
		<pubDate>Mon, 01 Nov 2021 04:55:55 +0000</pubDate>
				<category><![CDATA[Experts' Talk]]></category>
		<guid isPermaLink="false">https://3cyber-sec.com/?p=1250</guid>

					<description><![CDATA[<p>Since the statistics about cyber threats in the maritime industry are showing only an increase, we have to ask ourselves what is done and can be done for prevention?</p>
<p>The post <a href="https://3cyber-sec.com/2021/11/01/maritime-industry/">Experts&#8217; talk: Cybersecurity in the Maritime industry</a> appeared first on <a href="https://3cyber-sec.com">3Cyber-Sec</a>.</p>
]]></description>
<content:encoded><![CDATA[<p><span style="font-weight: 400;">One of the most interesting things to explore is how cybersecurity differs from one industry to another. In this expert talk, we are going to focus on one of the primary sectors that 3Cyber-Sec operates in &#8211; the maritime industry. Together with Stefan Radushev, managing director of the company and an experienced cybersecurity consultant, we will review the challenges this specific industry faces and the good practices it can follow. </span></p>
<p><span style="font-weight: 400;">Stefan has a background as a specialist consultant in the maritime industry and will share his knowledge about the sector in this expert talk. In this series we talk with experts on subjects that interest our audience. This is the first sector-specific discussion we are doing. We are confident that it will be useful and bring added value to our readers and to all the experts in the maritime business who are not yet familiar with the subject. </span></p>
<h2><span style="font-weight: 400;">Cybercrime in the maritime industry &#8211; a bigger issue than we think</span></h2>
<p><span style="font-weight: 400;">In today’s world, one of the biggest worries for organisations, regardless of their location and industry, is how vulnerable they are to cyber-attacks. We can mention specific sectors like finance, insurance, and healthcare, which hold plenty of sensitive data and are preferred targets for hackers. And what about the maritime sector? </span></p>
<p><i><span style="font-weight: 400;">“When you take a closer look, the maritime sector seems to be big like the ocean. There are a variety of industries &#8211; from ports, through shipping, and up to IT systems and navigation. Most people don’t have a clue how huge the maritime economy is.”</span></i><span style="font-weight: 400;">, says Stefan Radushev.</span></p>
<p><span style="font-weight: 400;">In June this year, CPO Magazine came out with an </span><a href="https://www.cpomagazine.com/cyber-security/maritime-cyber-attacks-are-among-the-greatest-unknown-threats-to-the-global-economy/"><span style="font-weight: 400;">article</span></a><span style="font-weight: 400;"> titled “Maritime Cyber Attacks Are Among the Greatest Unknown Threats to the Global Economy”. If you think this industry is irrelevant to you, just consider how one ship that got stuck </span><a href="https://www.bloomberg.com/news/features/2021-06-24/how-the-billion-dollar-ever-given-cargo-ship-got-stuck-in-the-suez-canal"><span style="font-weight: 400;">threatened the logistics of the whole world</span></a><span style="font-weight: 400;">. Since the pandemic started, the digital transition has swept through every industry, and the risk of cyberattacks has increased with it. According to the article mentioned above, cyberattacks on vessels increased by 400%. And that was only at the beginning, when Covid-19 first hit the world. </span></p>
<p><i><span style="font-weight: 400;">“If you read the </span></i><a href="https://lloydslist.maritimeintelligence.informa.com/LL1137457/One-ship-is-hacked-every-day-on-average"><i><span style="font-weight: 400;">statistics</span></i></a><i><span style="font-weight: 400;">, you can see that there is at least one incident a day related to the hacking of a vessel or company in the maritime business.”, </span></i><span style="font-weight: 400;">Stefan added. </span></p>
<p><img loading="lazy" decoding="async" class="alignnone size-full wp-image-1252" src="https://3cyber-sec.com/wp-content/uploads/2021/11/3Cyber-Sec-blog-image-1200-x-600-4.png" alt="" width="1200" height="600" srcset="https://3cyber-sec.com/wp-content/uploads/2021/11/3Cyber-Sec-blog-image-1200-x-600-4.png 1200w, https://3cyber-sec.com/wp-content/uploads/2021/11/3Cyber-Sec-blog-image-1200-x-600-4-980x490.png 980w, https://3cyber-sec.com/wp-content/uploads/2021/11/3Cyber-Sec-blog-image-1200-x-600-4-480x240.png 480w" sizes="auto, (min-width: 0px) and (max-width: 480px) 480px, (min-width: 481px) and (max-width: 980px) 980px, (min-width: 981px) 1200px, 100vw" /></p>
<h2><span style="font-weight: 400;">What can be done for prevention and what are the good practices in the sector?</span></h2>
<p><span style="font-weight: 400;">Since the statistics about cyber threats in the maritime industry show only an increase, we have to ask ourselves what is being done and what can be done for prevention. The first step for sure is to train all employees and increase their </span><a href="https://3cyber-sec.com/2021/10/13/staff-awareness-training-essentials/"><span style="font-weight: 400;">staff awareness</span></a><span style="font-weight: 400;"> of cybersecurity and the dangers that the business faces. </span></p>
<p><i><span style="font-weight: 400;">“When the team of the organisation recognizes the scope of the potential cyber-attacks and has the knowledge of what to do to minimize the risk, you can be confident that your systems, networks, and devices and your operation, in general, have better protection and a better chance of not being hacked”, </span></i><span style="font-weight: 400;">says Stefan Radushev. </span></p>
<p><span style="font-weight: 400;">Another good step is to explore the main vulnerabilities that the specific maritime business has in its cyber defense. There is no universal solution when it comes to cybersecurity. The best approach is the one tailor-made to the needs and challenges of each entity. And in most cases, they are unique to each business. </span></p>
<p><i><span style="font-weight: 400;">“The first step is to know what you have to deal with. Imagine you are on a ship and are about to go out to the sea. You will check that everything with the vessel is secure before heading out into the water. If there is something that needs to be repaired, you will fix it. It is the same here. We have to identify the vulnerabilities, then treat them and make sure to be best prepared for any cybersecurity threats”</span></i><span style="font-weight: 400;">, the expert adds.</span></p>
<p><span style="font-weight: 400;">And this is a constant, ongoing process. You can’t just do it once. Your staff should be trained regularly and continuously, and the cybersecurity policies you have in place should be kept up to date with the latest threats. </span></p>
<p><img loading="lazy" decoding="async" class="alignnone size-full wp-image-1253" src="https://3cyber-sec.com/wp-content/uploads/2021/11/3Cyber-Sec-blog-image-1200-x-600-5.png" alt="" width="1200" height="600" srcset="https://3cyber-sec.com/wp-content/uploads/2021/11/3Cyber-Sec-blog-image-1200-x-600-5.png 1200w, https://3cyber-sec.com/wp-content/uploads/2021/11/3Cyber-Sec-blog-image-1200-x-600-5-980x490.png 980w, https://3cyber-sec.com/wp-content/uploads/2021/11/3Cyber-Sec-blog-image-1200-x-600-5-480x240.png 480w" sizes="auto, (min-width: 0px) and (max-width: 480px) 480px, (min-width: 481px) and (max-width: 980px) 980px, (min-width: 981px) 1200px, 100vw" /></p>
<h2><span style="font-weight: 400;">Good practices, guidelines, compliance, and standards about cybersecurity in the maritime industry</span></h2>
<p><span style="font-weight: 400;">Efforts on cybersecurity are not left to the maritime business alone. There are several standards and compliance checks that address the issues in the sector. The International Maritime Organization (IMO) has a dedicated section on its </span><a href="https://www.imo.org/en/OurWork/Security/Pages/Cyber-security.aspx"><span style="font-weight: 400;">website</span></a><span style="font-weight: 400;"> about maritime cyber risk. It lists the following standards and guidance that businesses should meet:</span></p>
<ul>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">Since January 2021, ship owners and managers have had to implement a new set of IMO cybersecurity regulations; </span></li>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">The Maritime Cyber Risk Management in Safety Management Systems resolution, adopted in 2017 by the Maritime Safety Committee; </span></li>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">Entities like ICS, IUMI, BIMCO, OCIMF, INTERTANKO, INTERCARGO, InterManager, WSC, and SYBAss have provided materials with guidance about cybersecurity on board the vessels; </span></li>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">There are reports for cybersecurity of ports (issued by IAPH Port Community) and recommendations on cyber resilience by IACS; </span></li>
<li style="font-weight: 400;" aria-level="1"><a href="https://3cyber-sec.com/iso-27001-certification/"><span style="font-weight: 400;">ISO/IEC 27001</span></a><span style="font-weight: 400;"> is the international standard for information security management.</span></li>
</ul>
<p><i><span style="font-weight: 400;">“Each big company should have internal procedures and policies for the prevention of cybercrimes that have to be based on the standards mentioned above”</span></i><span style="font-weight: 400;">, commented Stefan Radushev.</span></p>
<h2><span style="font-weight: 400;">Better late than never</span></h2>
<p><span style="font-weight: 400;">As we can see, the maritime industry faces increasing cybersecurity challenges. Companies in this field should act accordingly to reduce the threats they face. Investing in cybersecurity is a step that all maritime stakeholders should take. With the growing number of cyberattacks, prevention is the best tool. </span></p>
<p><i><span style="font-weight: 400;">“One of the oldest and most important industries in the world is stepping into the digital age very fast. This is uncharted territory for a lot of the decision-makers in the business. My advice to them is to turn to cybersecurity consultants that can help them develop and implement cybersecurity policies that are based on their needs. You wouldn’t take a ship with a hole in its side out to sail. Then why do that with the cybersecurity of your business?”, </span></i><span style="font-weight: 400;">commented Stefan Radushev. </span></p>
<p>The post <a href="https://3cyber-sec.com/2021/11/01/maritime-industry/">Experts&#8217; talk: Cybersecurity in the Maritime industry</a> appeared first on <a href="https://3cyber-sec.com">3Cyber-Sec</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://3cyber-sec.com/2021/11/01/maritime-industry/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Experts&#8217; Talk: Here&#8217;s What You Need To Know About Cybersecurity Honeypots</title>
		<link>https://3cyber-sec.com/2021/10/11/cybersecurity-honeypots/</link>
					<comments>https://3cyber-sec.com/2021/10/11/cybersecurity-honeypots/#respond</comments>
		
		<dc:creator><![CDATA[Venelin]]></dc:creator>
		<pubDate>Mon, 11 Oct 2021 06:52:14 +0000</pubDate>
				<category><![CDATA[Experts' Talk]]></category>
		<guid isPermaLink="false">https://3cyber-sec.com/?p=1231</guid>

					<description><![CDATA[<p>A cybersecurity honeypot is a shallow piece of the system of the organisation. It is designed with one single purpose - to attract the attention of any cyber attackers that will mistake it for an actual part of the system. </p>
<p>The post <a href="https://3cyber-sec.com/2021/10/11/cybersecurity-honeypots/">Experts&#8217; Talk: Here&#8217;s What You Need To Know About Cybersecurity Honeypots</a> appeared first on <a href="https://3cyber-sec.com">3Cyber-Sec</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p><span style="font-weight: 400;">Let’s admit it &#8211; the first thing the word “honeypot” brought to your mind was Winnie-the-Pooh. Just as the ever-loved animated character is drawn to honeypots, cybercriminals can be attracted and misled by this type of security decoy. </span></p>
<p><span style="font-weight: 400;">This is the topic we are going to cover in the current edition of Experts’ Talk. In this series of articles, we discuss specific trends, insights, and perspectives in the field of cybersecurity with experts. We will learn more about cybersecurity honeypots and the way they are used from Stefan Radushev, managing director and cybersecurity consultant at 3Cyber-Sec. Stefan has extensive knowledge and experience as a Cyber Security Consultant and Penetration Tester within the Banking, Pharmaceutical, and Maritime sectors. He builds comprehensive penetration testing scenarios in support of compliance frameworks, so that remedial actions and processes can be put in place to eliminate and mitigate vulnerabilities in the companies he works with. </span></p>
<h2><span style="font-weight: 400;">What is a cybersecurity honeypot?</span></h2>
<p><span style="font-weight: 400;">A cybersecurity honeypot is a way for companies and experts to “hack” the hackers. It is a non-essential, deliberately exposed piece of the organisation’s system, designed with one single purpose &#8211; to attract the attention of cyber attackers who will mistake it for an actual part of the system. </span></p>
<p><i><span style="font-weight: 400;">“In reality it is created to serve as a decoy and distract attention from the real, essential parts of the operations and infrastructure. Its main function is to raise an alarm if an attack occurs. It can also help the people who installed and maintain it to understand the tactics and tools used by the hackers in their attempts to penetrate the organisation.”</span></i></p>
<p><img loading="lazy" decoding="async" class="alignnone size-full wp-image-1234" src="https://3cyber-sec.com/wp-content/uploads/2021/10/3Cyber-Sec-Social-Blog-Image-1200-x-630-1.png" alt="" width="1200" height="630" srcset="https://3cyber-sec.com/wp-content/uploads/2021/10/3Cyber-Sec-Social-Blog-Image-1200-x-630-1.png 1200w, https://3cyber-sec.com/wp-content/uploads/2021/10/3Cyber-Sec-Social-Blog-Image-1200-x-630-1-980x515.png 980w, https://3cyber-sec.com/wp-content/uploads/2021/10/3Cyber-Sec-Social-Blog-Image-1200-x-630-1-480x252.png 480w" sizes="auto, (min-width: 0px) and (max-width: 480px) 480px, (min-width: 481px) and (max-width: 980px) 980px, (min-width: 981px) 1200px, 100vw" /></p>
<h2><span style="font-weight: 400;">Types of honeypots used in practice</span></h2>
<p><span style="font-weight: 400;">As cybersecurity threats vary, so do the honeypots that are used to counter them. There are some preferred for the needs of the private sector, while others are strictly used by public bodies like government agencies and even military command bodies. Let’s go through the different types of honeypots out there: </span></p>
<h3><b>Low-interaction honeypots</b></h3>
<p><span style="font-weight: 400;">As the name suggests, this type of cybersecurity honeypot is designed to expose only a limited, simplified part of the system as bait for attackers. </span></p>
<p><i><span style="font-weight: 400;">“It is hosted on a server and offers a small number of very streamlined functionalities that can be appealing to hackers. The main goal here is to focus on the areas of the system that suffer cyber attacks most frequently. The end game? Locate where the attacks are coming from.”</span></i></p>
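<p>To make the two points above concrete (a decoy with streamlined functionality whose main job is to raise an alarm and record where connections come from), here is a minimal low-interaction TCP honeypot. It is an added example written for this article, not 3Cyber-Sec’s code; the fake banner, the loopback address and the probe sent by the client are constructed for the demo.</p>

```python
"""Minimal low-interaction TCP honeypot (added example, not 3Cyber-Sec code).

It exposes one fake service banner, records who connects and what they send,
and turns every hit into an alert: a decoy has no legitimate users, so any
connection is worth investigating.
"""
import socket
import threading
import time
from collections import Counter
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed banner for the demo; a real deployment would choose one that
# matches the service attackers expect on that port.
FAKE_BANNER = b"SSH-2.0-constructed_banner\r\n"


@dataclass
class Hit:
    """One recorded connection to the decoy."""
    ts: float
    peer_ip: str
    peer_port: int
    data: bytes


@dataclass
class LowInteractionHoneypot:
    host: str = "127.0.0.1"   # loopback for the demo
    port: int = 0             # 0 lets the OS pick a free port
    hits: List[Hit] = field(default_factory=list)

    def __post_init__(self) -> None:
        self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._sock.bind((self.host, self.port))
        self._sock.listen(5)
        self.port = self._sock.getsockname()[1]

    def accept_one(self, timeout: float = 5.0) -> Optional[Hit]:
        """Handle a single connection: send the banner, record the first bytes.

        The received data is only stored, never interpreted or executed:
        that is what keeps a low-interaction decoy cheap and safe to run.
        """
        self._sock.settimeout(timeout)
        try:
            conn, (ip, port) = self._sock.accept()
        except socket.timeout:
            return None
        with conn:
            conn.settimeout(2.0)
            try:
                conn.sendall(FAKE_BANNER)
                data = conn.recv(1024)
            except (socket.timeout, OSError):
                data = b""
        hit = Hit(time.time(), ip, port, data)
        self.hits.append(hit)
        return hit

    def close(self) -> None:
        self._sock.close()


def alerts(hits: List[Hit], threshold: int = 1) -> List[str]:
    """One alert line per source IP that reached the decoy at least `threshold` times."""
    per_ip = Counter(h.peer_ip for h in hits)
    return [f"ALERT honeypot hit from {ip}: {n} connection(s)"
            for ip, n in sorted(per_ip.items()) if n >= threshold]


def run_demo():
    """Start the decoy, connect once from a client thread, return what was recorded."""
    hp = LowInteractionHoneypot()
    server = threading.Thread(target=hp.accept_one)
    server.start()
    client = socket.create_connection((hp.host, hp.port), timeout=5)
    with client:
        banner = client.recv(1024)
        client.sendall(b"SSH-2.0-constructed_probe\r\n")  # constructed probe
    server.join()
    hp.close()
    return banner, hp.hits


if __name__ == "__main__":
    banner, hits = run_demo()
    for line in alerts(hits):
        print(line)
```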
<h3><b>High-interaction honeypots</b></h3>
<p><span style="font-weight: 400;">The more complex the honeypot, the greater the investment needed to maintain it. Here we can have something that duplicates a whole production system. </span></p>
<p><i><span style="font-weight: 400;">“This is like giving hackers a playground. You put some fences around it and let them go wild inside. These types of honeypots can’t be detected by hackers so easily. And here the goal of the organisation/experts setting up the trap is different. It is to research and learn as much as they can about the cyber attacks and their source.”</span></i></p>
<h3><b>Honeypots in the form of an e-mail trap</b></h3>
<p><span style="font-weight: 400;">Spammers can be annoying, and this is a way to deal with them. An e-mail trap works by setting up a fake e-mail address that all the spam messages will go to. After that, their source can be tracked and blocked, and you won’t hear from them again. </span></p>
<h3><b>Using a database as a decoy</b></h3>
<p><span style="font-weight: 400;">How do you limit attacks via SQL injection? Create a “fake” database and attract hackers to it while your real application remains intact and functional. If the database honeypot is compromised, observe which places proved vulnerable. If they are the same as in the real database, take the actions needed to fix them. </span></p>
<h3><b>A net for spider crawlers</b></h3>
<p><span style="font-weight: 400;">Here the name reveals the target. While other honeypots are directed at hackers and cyber attacks, here we are dealing with automated spider crawlers (web-crawling bots). </span></p>
<p><i><span style="font-weight: 400;">“‘The net’ here consists of a variety of online pages and links between them that will be good prey for the spiders. The goal here is to study them and prevent further real damage they can do.”</span></i></p>
<h3><b>Honeypots that help prevent malware attacks</b></h3>
<p><span style="font-weight: 400;">This type of decoy is designed to attract malware attacks. The useful information gathered from them can be integrated into the development of software that detects and/or prevents malware. </span></p>
<p><img loading="lazy" decoding="async" class="alignnone size-full wp-image-1235" src="https://3cyber-sec.com/wp-content/uploads/2021/10/3Cyber-Sec-Social-Blog-Image-1200-x-630-2.png" alt="" width="1200" height="630" srcset="https://3cyber-sec.com/wp-content/uploads/2021/10/3Cyber-Sec-Social-Blog-Image-1200-x-630-2.png 1200w, https://3cyber-sec.com/wp-content/uploads/2021/10/3Cyber-Sec-Social-Blog-Image-1200-x-630-2-980x515.png 980w, https://3cyber-sec.com/wp-content/uploads/2021/10/3Cyber-Sec-Social-Blog-Image-1200-x-630-2-480x252.png 480w" sizes="auto, (min-width: 0px) and (max-width: 480px) 480px, (min-width: 481px) and (max-width: 980px) 980px, (min-width: 981px) 1200px, 100vw" /></p>
<h2><span style="font-weight: 400;">Can you use more than one honeypot? </span></h2>
<p><span style="font-weight: 400;">There are cases where organisations set up two or more honeypots at the same time. These are called honeynets, and in some cases they can even grow into honeyfarms. </span></p>
<p><i><span style="font-weight: 400;">“If the network and infrastructure are big enough, such measures might be integrated into the whole cyber defense strategy of the company or institution.” </span></i></p>
<h2><span style="font-weight: 400;">The good and bad sides of having a honeypot</span></h2>
<p><span style="font-weight: 400;">Of course, the coin has two sides and there are pros and cons of maintaining cybersecurity honeypots. Here are the good ones: </span></p>
<ul>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">You can learn useful insights about the cyber threats your company is facing; </span></li>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">You can understand what vulnerable places in the system are being targeted; </span></li>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">It sets a fake “red cape” for hackers to attack, instead of the real system. </span></li>
</ul>
<p><span style="font-weight: 400;">On the other hand, there are some downsides to honeypots that experts in the sector acknowledge: </span></p>
<ul>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">If hackers find out that you have given them a decoy in the form of a honeypot, they can feed you false data while planning an attack on your actual system; </span></li>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">You may have a honeypot set up that is not configured in the best way to suit your organisation; </span></li>
<li style="font-weight: 400;" aria-level="1"><span style="font-weight: 400;">A honeypot can give you some misleading information even if there is no additional attack on your system. </span></li>
</ul>
<p><span style="font-weight: 400;">The integration of the correct cybersecurity honeypot(s) in your defense strategy against cybercrimes should be a tailor-made approach handled by experienced professionals. We at 3Cyber-Sec have a personal approach to any case our team examines. This allows us to give recommendations based on the needs of any client. If you want to learn more about our security services and find out if you really can use something like a cybersecurity honeypot, feel free to </span><a href="https://3cyber-sec.com/contact-us/"><span style="font-weight: 400;">reach out to us</span></a><span style="font-weight: 400;">.</span></p>
<p>The post <a href="https://3cyber-sec.com/2021/10/11/cybersecurity-honeypots/">Experts&#8217; Talk: Here&#8217;s What You Need To Know About Cybersecurity Honeypots</a> appeared first on <a href="https://3cyber-sec.com">3Cyber-Sec</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://3cyber-sec.com/2021/10/11/cybersecurity-honeypots/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Experts&#8217; Talk: Why Do You Need to Encrypt Your Data</title>
		<link>https://3cyber-sec.com/2021/08/23/experts-talk-why-do-you-need-to-encrypt-your-data/</link>
					<comments>https://3cyber-sec.com/2021/08/23/experts-talk-why-do-you-need-to-encrypt-your-data/#respond</comments>
		
		<dc:creator><![CDATA[Krisi]]></dc:creator>
		<pubDate>Mon, 23 Aug 2021 14:51:45 +0000</pubDate>
				<category><![CDATA[Experts' Talk]]></category>
		<guid isPermaLink="false">https://3cyber-sec.com/?p=1168</guid>

					<description><![CDATA[<p>Encryption is the process through which cryptographers transform data into code intending to protect it from unauthorized access.</p>
<p>The post <a href="https://3cyber-sec.com/2021/08/23/experts-talk-why-do-you-need-to-encrypt-your-data/">Experts&#8217; Talk: Why Do You Need to Encrypt Your Data</a> appeared first on <a href="https://3cyber-sec.com">3Cyber-Sec</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>It’s finally time for our next Experts’ Talk article and we’re excited to share unique trends, insights, and perspectives from the cybersecurity world with you. This month we are joined by the Information Security Expert and certified Cybersecurity Consultant <a href="https://www.linkedin.com/in/steliyan-petkov/">Steliyan Petkov</a> with whom we will be exploring the topic of why data encryption is important and how it can help you minimize cybersecurity risks for your organization. Steliyan Petkov is a well-known expert in the field of Cybersecurity who has valuable experience gained across the highly regulated FinTech and Pharmaceuticals Industries. He focuses on assessing and evaluating risk from which Information Security Strategies can be both developed and enhanced. Steliyan Petkov’s expertise is further supported by his CISM, CISSP, and CDPSE Certifications.</p>
<h2>What does it mean to encrypt your data?</h2>
<p>So let’s not waste a minute and get started by defining what exactly data encryption means. Encryption is the process through which cryptographers transform data into code with the intention of protecting it from unauthorized access. Usually, the sensitive data is scrambled and ordered in a practically unreadable way, and the information it gives out does not make any sense. This unreadable text is referred to as ciphertext. To read the information, users have to decrypt the ciphertext so that it is transformed back to its initial state of plaintext.</p>
<blockquote><p><em>“Encrypting data is not a new concept, it has been around for centuries. One of the oldest and most widely-known encryption techniques is the so-called Caesar&#8217;s cipher, named after the infamous Julius Caesar who used it to protect military messages. To encrypt a message using Caesar&#8217;s cipher you would need to replace each letter from the plaintext with a letter from the alphabet that is positioned a certain number of spaces before the letter that you need to replace. We refer to this number as the key because if the user knows what the number is, they can easily decipher the message. It sounds complicated, but it is actually pretty simple. So, for example, if you select the number 4 to be your key, then the letter A in the plaintext will be substituted by the letter W in the ciphertext, while the letter D will be switched for an A and so on. This method of encryption is called a substitution cipher, and while it was useful some decades ago, now we need to use more complicated methods of encryption.”</em>, shares Steliyan Petkov.</p></blockquote>
<p><img loading="lazy" decoding="async" class="alignnone wp-image-1169 size-full" src="https://3cyber-sec.com/wp-content/uploads/2021/07/3Cyber-Sec-blog-image-1200-x-600-36.png" alt="" width="1200" height="600" srcset="https://3cyber-sec.com/wp-content/uploads/2021/07/3Cyber-Sec-blog-image-1200-x-600-36.png 1200w, https://3cyber-sec.com/wp-content/uploads/2021/07/3Cyber-Sec-blog-image-1200-x-600-36-980x490.png 980w, https://3cyber-sec.com/wp-content/uploads/2021/07/3Cyber-Sec-blog-image-1200-x-600-36-480x240.png 480w" sizes="auto, (min-width: 0px) and (max-width: 480px) 480px, (min-width: 481px) and (max-width: 980px) 980px, (min-width: 981px) 1200px, 100vw" /></p>
<p>So, for example, if you wanted to encrypt the word “CYBERSECURITY” by using Caesar&#8217;s cipher with a key of 3 (each letter replaced by the one three positions before it), you would end up with the following ciphertext: “ZVYBOPBZROFQV”. Another historical use of a substitution cipher is from WW2, when the German Enigma machine was invented to help military officials send and receive secret information in the form of a substitution cipher.</p>
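<p>To make the shift convention used in this article concrete, here is a small Python implementation of Caesar’s cipher (an added example, not code from the article or its expert) that replaces each letter with the one `key` positions before it in the alphabet. It goes a little beyond the text: the brute-force and crib functions show that with only 25 possible keys the cipher offers no real protection, which is the reason stronger methods are needed today.</p>

```python
"""Caesar's cipher in the article's convention (added example, not from the article):
each letter is replaced by the letter `key` positions *before* it in the alphabet,
so with key 4 the plaintext letter A becomes W.
"""
import string
from typing import Dict, Optional

ALPHABET = string.ascii_uppercase  # 26 letters, so a shift of 26 changes nothing


def caesar_encrypt(plaintext: str, key: int) -> str:
    """Shift every letter `key` places backwards; non-letters pass through unchanged."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) - key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, key: int) -> str:
    """Decryption is simply encryption with the opposite shift."""
    return caesar_encrypt(ciphertext, -key)


def brute_force(ciphertext: str) -> Dict[int, str]:
    """Every candidate plaintext, one per usable key (1..25).

    The whole key space is 25 entries: with a single-number key the
    "secret" can be recovered by trying all of them by hand.
    """
    return {k: caesar_decrypt(ciphertext, k) for k in range(1, 26)}


def recover_key(ciphertext: str, known_word: str) -> Optional[int]:
    """Return the key under which the decryption contains an expected word (a crib).

    Any guessable piece of plaintext structure, such as a company name,
    is enough to pick the right candidate out of the 25.
    """
    for k, candidate in brute_force(ciphertext).items():
        if known_word.upper() in candidate:
            return k
    return None


if __name__ == "__main__":
    ct = caesar_encrypt("CYBERSECURITY", 3)
    print(ct)                                   # ZVYBOPBZROFQV
    print(caesar_decrypt(ct, 3))                # CYBERSECURITY
    print(recover_key(ct, "CYBER"))             # 3
```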
<p>The encryption of data is still widely used today and it is arguably one of the essential cybersecurity practices. In fact, organizations and companies are often obligated to encrypt any sensitive data that they store or send via diverse communication platforms on the Internet. As Steliyan Petkov puts it, encryption not only helps protect organizations from being hacked, but in the case of an actual cyberattack it can also make the difference between a massive breach of personal data and the compromise of nothing more than unreadable ciphertext.</p>
<blockquote><p><em>“If you don’t encrypt the sensitive data your company handles, you are exposing your business to enormous risk. And I’m not only talking about the risk of a data breach, but also the risk of non-compliance with certain regulations and industry requirements. Consequently, if you’re not compliant, you may be faced with fines and reputational damages.”</em>, adds Petkov.</p></blockquote>
<p>Before we share which regulations require businesses to encrypt their data, however, we’ll first explore the different types of encryption used today.</p>
<h2>Types of Encryption</h2>
<p>There are two main types of encryption &#8211; Symmetric and Asymmetric (also known as public-key encryption). The differences between them lie in the speed of the process, the number of keys needed to encrypt and decrypt data, the length of the keys, as well as the means through which the keys are shared with other parties (key management).</p>
<h3>Symmetric</h3>
<p>This type of encryption uses one key for both processes &#8211; encryption and decryption. So, for example, if you want to send a secret message to John, you need to provide him with the encryption key, so that he can decrypt your message. Therefore, the risks associated with symmetric encryption are higher. As Steliyan Petkov explains it:</p>
<blockquote><p><em>“When only one key is used for encryption and decryption, both parties that participate in the communication need to know what that key is. Thus, the key needs to be exchanged and if this process is not done safely, the key could fall in the wrong hands. For example, you cannot simply send the key to the other party via email without it being encrypted itself. There are specific procedures that need to be followed when it comes to key management.”</em></p></blockquote>
<p><img loading="lazy" decoding="async" class="alignnone wp-image-1171 size-full" src="https://3cyber-sec.com/wp-content/uploads/2021/07/3Cyber-Sec-blog-image-1200-x-600-37.png" alt="" width="1200" height="600" srcset="https://3cyber-sec.com/wp-content/uploads/2021/07/3Cyber-Sec-blog-image-1200-x-600-37.png 1200w, https://3cyber-sec.com/wp-content/uploads/2021/07/3Cyber-Sec-blog-image-1200-x-600-37-980x490.png 980w, https://3cyber-sec.com/wp-content/uploads/2021/07/3Cyber-Sec-blog-image-1200-x-600-37-480x240.png 480w" sizes="auto, (min-width: 0px) and (max-width: 480px) 480px, (min-width: 481px) and (max-width: 980px) 980px, (min-width: 981px) 1200px, 100vw" /></p>
<h3>Asymmetric</h3>
<p>With asymmetric encryption, there are two keys involved &#8211; one for encrypting the message (a public key) and one used to decrypt it (a private key). When this method is used, the sender encrypts the message with the public key and the receiver decrypts it with his/her private key.</p>
<blockquote><p><em>“The public key is available to anyone, hence the name. On the other hand, the private key is only known by the person receiving the message. Therefore, asymmetrically encrypted messages are less likely to be compromised by cybercriminals.”</em>, clarifies Petkov.</p></blockquote>
<p><img loading="lazy" decoding="async" class="alignnone wp-image-1172 size-full" src="https://3cyber-sec.com/wp-content/uploads/2021/07/3Cyber-Sec-blog-image-1200-x-600-38.png" alt="" width="1200" height="600" srcset="https://3cyber-sec.com/wp-content/uploads/2021/07/3Cyber-Sec-blog-image-1200-x-600-38.png 1200w, https://3cyber-sec.com/wp-content/uploads/2021/07/3Cyber-Sec-blog-image-1200-x-600-38-980x490.png 980w, https://3cyber-sec.com/wp-content/uploads/2021/07/3Cyber-Sec-blog-image-1200-x-600-38-480x240.png 480w" sizes="auto, (min-width: 0px) and (max-width: 480px) 480px, (min-width: 481px) and (max-width: 980px) 980px, (min-width: 981px) 1200px, 100vw" /></p>
<p>Because symmetric encryption is not as complicated as asymmetric, it is also a much faster process. Furthermore, the recommended length of the keys associated with both types of encryption is different. While in our example with Caesar&#8217;s cipher we only used a key containing one number (3), in reality, encryption keys consist of hundreds or thousands of numbers.</p>
<blockquote><p><em>“The encryption keys are essentially strings of symbols (digits, letters and some special characters) with different lengths. They could consist of 128, 192, or 256 numbers (professionals usually refer to those numbers as bits) and could even contain more than 2048 bits. At the time of writing, the recommended symmetric key length is 128 bits and higher, while the length for asymmetric keys is 2048 bits and higher.”</em>, shares Steliyan Petkov.</p></blockquote>
<h2>Why should you encrypt your sensitive data?</h2>
<p>Encrypting your data is crucial for your organization’s cybersecurity regardless of the industry your business operates in. Steliyan Petkov shares that many industry regulations require companies to encrypt their sensitive data:</p>
<blockquote><p><em>“Whether your business operates in the financial, healthcare, or any other sector, it’s strongly advisable, and in some cases compulsory, to encrypt the sensitive data you handle. The Health Insurance Portability and Accountability Act (HIPAA), for example, requires organizations to protect patients’ data via encryption or an equivalent alternative. Additionally, businesses can avoid hefty data breach fines from the California Consumer Privacy Act (CCPA) if the breached data cannot be accessed without a decryption key. Not to mention that the Payment Card Industry Data Security Standard (PCI DSS), as well as the Federal Information Processing Standards (FIPS) require organizations to encrypt sensitive data and anyone who fails to do so will be faced with expensive penalties.”</em></p></blockquote>
<p>According to<a href="https://info.entrust.com/rs/104-QOX-775/images/global-encryption-trends-study-re_es.pdf"> The Global Encryption Trends Study 2021</a> by Entrust, the data types that were routinely encrypted in 2020 were payment-related data (55%), financial records (55%), intellectual property (48%), employee data (48%), customer information (42%), healthcare information (26%), and non-financial business information (25%). Furthermore, according to the same study, the top four reasons for encryption in 2020 were:</p>
<ul>
<li>Protecting customer information &#8211; 54%</li>
<li>Protecting information against specific, defined threats &#8211; 50%</li>
<li>Protecting intellectual property &#8211; 49%</li>
<li>Complying with privacy or data security regulations and requirements &#8211; 45%</li>
</ul>
<p>It’s best if you outsource the task of encrypting your data to a professional cybersecurity team with the needed experience and expertise. 3Cyber-Sec’s team can protect your organization from cyber threats. As a boutique cybersecurity consultancy, we are passionate about providing tailored solutions to each of our clients and we’re always ready for new challenges. <a href="https://3cyber-sec.com/contact-us/">Contact us for a free consultation now</a>.</p>
<p>Did you enjoy our article? For more expert advice, read last month’s talk, when we were joined by 3Cyber-Sec’s Business Development Manager and certified Cybersecurity Consultant Todor Kunev. Together with him, we discussed<a href="https://3cyber-sec.com/2021/06/21/experts-talk-what-is-phishing-and-how-can-you-spot-it/"> the dangers phishing attacks pose for businesses and individuals.</a></p>
<p>The post <a href="https://3cyber-sec.com/2021/08/23/experts-talk-why-do-you-need-to-encrypt-your-data/">Experts&#8217; Talk: Why Do You Need to Encrypt Your Data</a> appeared first on <a href="https://3cyber-sec.com">3Cyber-Sec</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://3cyber-sec.com/2021/08/23/experts-talk-why-do-you-need-to-encrypt-your-data/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Experts’ Talk: What Is Phishing And How Can You Spot It?</title>
		<link>https://3cyber-sec.com/2021/06/21/experts-talk-what-is-phishing-and-how-can-you-spot-it/</link>
					<comments>https://3cyber-sec.com/2021/06/21/experts-talk-what-is-phishing-and-how-can-you-spot-it/#respond</comments>
		
		<dc:creator><![CDATA[Krisi]]></dc:creator>
		<pubDate>Mon, 21 Jun 2021 10:28:41 +0000</pubDate>
				<category><![CDATA[Experts' Talk]]></category>
		<guid isPermaLink="false">https://3cyber-sec.com/?p=911</guid>

					<description><![CDATA[<p>3Cyber-Sec’s business development manager and certified cybersecurity consultant Todor Kunev gets to the bottom of phishing attacks and the dangers they pose for businesses and individuals.</p>
<p>The post <a href="https://3cyber-sec.com/2021/06/21/experts-talk-what-is-phishing-and-how-can-you-spot-it/">Experts’ Talk: What Is Phishing And How Can You Spot It?</a> appeared first on <a href="https://3cyber-sec.com">3Cyber-Sec</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>Welcome to the first post in 3Cyber-Sec’s monthly column “Experts’ Talk”! Each month we’ll be talking to recognized cybersecurity experts with the goal of shedding light on some of the key topics of the cyber world. Our guest experts will provide, exclusively for our readers, their unique perspectives on diverse questions connected to their field of expertise. With years of experience and dozens of solved problems, they will give you essential advice that can save your business and help you stay afloat even in your hardest times. Make sure you don’t miss any publications from our series, so you can stay on top of the latest trends and insights from the cybersecurity world and ensure your business’s safety.</p>
<p>Today, together with 3Cyber-Sec’s business development manager and certified cybersecurity consultant <a href="https://www.linkedin.com/in/todor-kunev/">Todor Kunev</a>, we’ll be getting to the bottom of phishing attacks and the dangers they pose for businesses and individuals. Todor Kunev is an exceptional industry professional, capable of devising and implementing cybersecurity scenarios to strengthen cybersecurity and safeguard sensitive information and systems for his clients. To achieve his current level of expertise, Todor has spent years working towards obtaining his licenses and certificates, some of which include CDPSE, CISM, CCNP, and CCNA. He was eager to share his take on phishing with us, hoping that his advice might clear up some of the misunderstandings connected to the topic.</p>
<p>Let us explain what phishing is. It has nothing to do with the relaxing lake-house weekend you might be imagining. Although the word sounds just like the well-known hobby of fishing, phishing is not about you catching fish, but rather it’s about you being preyed upon by cybercriminals. In essence, this cyberattack type uses socially engineered emails (or in some cases text messages and voice calls) with the malicious intent to direct users to dangerous websites, distribute malware, collect credentials, and more.</p>
<p>As Todor Kunev puts it:</p>
<blockquote><p><em>“All phishing attacks aim to create a sense of urgency, provoke users’ interest or inflict fear. Once they’ve succeeded in grabbing users’ attention, cybercriminals usually propose a solution to the “urgent matter” in the form of a downloadable document or a link leading to a malicious website.”</em></p></blockquote>
<p>It is one of the most widely used cyberattack methods today. In 2020 alone, 75% of organizations had experienced phishing attacks, according to<a href="https://www.proofpoint.com/sites/default/files/gtd-pfpt-uk-tr-state-of-the-phish-2020-a4_final.pdf"> research conducted by Proofpoint</a>. Furthermore, 74% of the attacks that targeted businesses in the US were successful. This data is concerning, especially given that phishing attacks could cost organizations $3.8 million on average, as reported by <a href="https://retruster.com/blog/phishing-attack-true-cost.html">retruster.com</a>. Therefore, businesses should do everything in their power to prevent this from happening to their organizations.</p>
<h2>Types of phishing attacks</h2>
<p>There are quite a few types of phishing attacks depending on the communication channel and method used for the attack, as well as on its target. In terms of communication channels, we can outline four main types of phishing attacks &#8211; email phishing, smishing, search engine phishing, and vishing. As reported by <a href="https://www.tessian.com/blog/phishing-statistics-2020/">Tessian</a>, the most popular of them is email phishing with 96% of all attacks belonging to this category. The other 3% and 1% of the attacks were delivered via malicious websites (search engine phishing) and via smartphones (smishing and vishing) respectively. This data is also supported by <a href="https://www.proofpoint.com/sites/default/files/threat-reports/pfpt-us-tr-state-of-the-phish-2021.pdf">Proofpoint’s research</a>, which found that in 2020, 66% of the surveyed organizations experienced targeted phishing attacks, 61% of businesses faced smishing attacks and 54% of the respondents say they were targeted by vishing attacks.</p>
<blockquote><p><em>“Email phishing occurs when cybercriminals impersonate a person or a business and send you an email with the goal of tricking you into clicking on a malicious link or downloading an infected attachment. Smishing and vishing are both different types of phishing, however, they are not used to target users via email. Vishing refers to when cybercriminals call you on the phone pretending to be an employee from a well-known company, Microsoft for example, and request that you give them your personal details or payment information. When you receive a text message with malicious links, then you’ve been targeted by a smishing attack. The word is formed from the combination of “SMS” and “phishing”. Last, but not least, search engine phishing, or “SEO poisoning” as we sometimes call it, is when hackers create malicious websites and try to rank them on the first pages of legitimate search engines such as Google. Those websites could offer irresistible product deals intending to collect as many of the users’ card details as possible, or they could look like an exact copy of another website, again aiming to deceive the user into giving his or her personal information away.” </em>&#8211; explains Kunev.</p></blockquote>
<p>In terms of the target of the attack, there are two main types of phishing &#8211; whaling and spear phishing. Both target specific groups of people. Spear phishing occurs when hackers strategically direct their malicious message towards a particular organization or a particular employee in a selected company. Whaling, on the other hand, refers to cybercriminals who target the CEOs or the “big fish” in a given organization.</p>
<p><img loading="lazy" decoding="async" class="alignnone wp-image-913 size-full" src="https://3cyber-sec.com/wp-content/uploads/2021/06/3Cyber-Sec-blog-image-1200-x-600-20.png" alt="" width="1200" height="600" srcset="https://3cyber-sec.com/wp-content/uploads/2021/06/3Cyber-Sec-blog-image-1200-x-600-20.png 1200w, https://3cyber-sec.com/wp-content/uploads/2021/06/3Cyber-Sec-blog-image-1200-x-600-20-980x490.png 980w, https://3cyber-sec.com/wp-content/uploads/2021/06/3Cyber-Sec-blog-image-1200-x-600-20-480x240.png 480w" sizes="auto, (min-width: 0px) and (max-width: 480px) 480px, (min-width: 481px) and (max-width: 980px) 980px, (min-width: 981px) 1200px, 100vw" /></p>
<p>In his career as a cybersecurity expert, Todor Kunev has witnessed both whaling and spear phishing. According to him, these methods are particularly concerning because the messages they use are specifically crafted for the recipient (the attack’s victim), which means the cybercriminals had to research their target.</p>
<blockquote><p><em>“Cybercriminals often research names and company roles of employees working in the targeted organization, they even go as far as stalking their social media profiles and browsing through their friends’ lists. The goal is to produce a highly targeted, highly personal message, which prompts the victim to reveal sensitive information (both personal and related to the business), make a bank transfer, or alter documents to the cybercriminal’s benefit.” </em>&#8211; says Kunev.</p></blockquote>
<p>This is why targeted phishing attacks such as spear phishing or whaling are extremely difficult to recognize. In fact, <a href="https://securityboulevard.com/2020/12/staggering-phishing-statistics-in-2020/">97% of users are unable to recognize a sophisticated phishing email</a>. However, failing to recognize a problem does not mean it isn’t there.</p>
<h2>Consequences of phishing attacks</h2>
<p>According to <a href="https://www.proofpoint.com/sites/default/files/threat-reports/pfpt-us-tr-state-of-the-phish-2021.pdf">Proofpoint’s research</a>, due to phishing attacks in 2020 businesses were left to deal with data loss (60% of the respondents), compromised accounts (52% of the respondents), ransomware infections (47% of the respondents), malware infections (29% of the respondents), and financial loss or fraud (18% of the respondents). The consequences of phishing attacks also include legal trouble, reputational damages, and intellectual property loss. This includes trade secrets, research findings, new developments, and other valuable data, which often cost the targeted organization years of work and thousands of dollars of research. However, according to Todor Kunev, one of the most dangerous aspects of phishing is the fact that businesses take too long to even notice they were attacked.</p>
<blockquote><p><em>“It’s not uncommon for cybercriminals to target a business partner of yours in order to access your data. When the phishing attack is successful, they can easily get hold of your network, because you and your employees perceive the already infected partner as a trusted source. Once the attackers gain initial access to your network through a given endpoint (one of your employees’ computers, for example), they may impersonate a legitimate user and continue to move laterally through your network. This means that even if you detect the initial point of access, you may not even notice or know that the cybercriminal is going through your files and systems and mapping them out until they find something of interest.”</em> &#8211; shares Todor Kunev.</p></blockquote>
<p><img loading="lazy" decoding="async" class="alignnone wp-image-912 size-full" src="https://3cyber-sec.com/wp-content/uploads/2021/06/3Cyber-Sec-blog-image-1200-x-600-21.png" alt="" width="1200" height="600" srcset="https://3cyber-sec.com/wp-content/uploads/2021/06/3Cyber-Sec-blog-image-1200-x-600-21.png 1200w, https://3cyber-sec.com/wp-content/uploads/2021/06/3Cyber-Sec-blog-image-1200-x-600-21-980x490.png 980w, https://3cyber-sec.com/wp-content/uploads/2021/06/3Cyber-Sec-blog-image-1200-x-600-21-480x240.png 480w" sizes="auto, (min-width: 0px) and (max-width: 480px) 480px, (min-width: 481px) and (max-width: 980px) 980px, (min-width: 981px) 1200px, 100vw" /></p>
<p>According to <a href="https://www.fortinet.com/resources/cyberglossary/cybersecurity-statistics">fortinet.com</a>, it takes approximately 280 days to identify and contain an average cyberattack. In the meantime, businesses lose $2.9 million a minute due to cybercrime, as reported by <a href="https://www.riskiq.com/resources/infographic/evil-internet-minute-2019/">riskiq.com</a>. We don’t even want to do the math on this one.</p>
<h2>How to spot a phishing attack?</h2>
<p>Phishing attacks can often be easy to spot because of poor spelling and grammar, or because of poorly created links, which can hint that the web pages they lead to are fabricated. Some of the key clues of a phishing attempt are:</p>
<ul>
<li>The message is informing you that you need to take immediate action concerning a given matter</li>
<li>The message is sent from a public email domain (a free webmail address such as @yahoo.com, for example, rather than a company domain such as @3cyber-sec.com)</li>
<li>The domain name is spelled incorrectly</li>
<li>The email contains grammatical, spelling, and/or punctuation mistakes</li>
<li>The email includes a suspicious link or attachment</li>
</ul>
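<p>The clues above can be turned into a simple triage check. The following Python script is an added example and not part of the original article or 3Cyber-Sec’s tooling: the phrase lists, the trusted domain, the sample message and the 0.8 similarity threshold are all constructed assumptions, and the script only reports which warning signs a message shows so that a reader can review it.</p>

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlparse
# Constructed heuristics for the clues listed above; tune the lists for your own organization.
URGENCY_PHRASES = ("immediate action", "act now", "within 24 hours", "verify your account")
FREEMAIL_DOMAINS = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com"}
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".iso", ".zip")
URL_LIKE = re.compile(r"(https?://)?[\w.-]+\.[A-Za-z]{2,}(/\S*)?")

def lookalike_of(domain, trusted):
    """Return the trusted domain that `domain` imitates, or None if it is genuine or unrelated."""
    if domain in trusted:
        return None
    for t in trusted:
        label, tlabel = domain.split(".")[0], t.split(".")[0]
        if SequenceMatcher(None, label, tlabel).ratio() >= 0.8 or tlabel in domain:
            return t   # misspelled label (typosquat) or company name padded with extra words
    return None

def phishing_clues(msg, trusted):
    """Return the names of the listed warning signs present in a message dict."""
    clues = []
    if any(p in f"{msg['subject']} {msg['body']}".lower() for p in URGENCY_PHRASES):
        clues.append("urgency")                       # pressure to act immediately
    sender_domain = msg["sender"].rsplit("@", 1)[-1].lower()
    if sender_domain in FREEMAIL_DOMAINS:
        clues.append("public_domain")                 # sent from a free webmail domain
    if lookalike_of(sender_domain, trusted):
        clues.append("lookalike_sender")              # misspelled or padded company domain
    for shown, href in msg.get("links", []):
        host = (urlparse(href).hostname or "").lower()
        if URL_LIKE.fullmatch(shown):                 # visible link text is itself a URL/domain
            shown_host = urlparse(shown if "://" in shown else "http://" + shown).hostname
            if shown_host and shown_host.lower() != host:
                clues.append("link_text_mismatch")    # text names one site, href goes elsewhere
        if lookalike_of(host, trusted):
            clues.append("lookalike_link")
    if any(a.lower().endswith(RISKY_EXTENSIONS) for a in msg.get("attachments", [])):
        clues.append("risky_attachment")
    return clues

TRUSTED = ["3cyber-sec.com"]            # the organization's own domain (constructed)
SAMPLE = {                               # constructed message, not a real phishing email
    "sender": "it-support@3cyber-sec-login.com",
    "subject": "Immediate action required: verify your account",
    "body": "Your mailbox will be deleted within 24 hours. Open the attached form.",
    "links": [("https://3cyber-sec.com/login", "http://3cyber-sec.com.example-host.net/login")],
    "attachments": ["Account_Form.zip"],
}
```

<p>Running <code>phishing_clues(SAMPLE, TRUSTED)</code> reports all five warning signs for the constructed message, while a genuine internal email from @3cyber-sec.com with a PDF attachment and matching link text reports none.</p>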
<p>However, targeted phishing attacks such as spear phishing or whaling can be difficult to recognize. That is why it’s important to educate your employees about the warning signs and the appropriate action plans in case they are targeted. Todor Kunev’s expert opinion is that <a href="https://3cyber-sec.com/staff-awareness/">staff awareness training</a> should be done as regularly as possible, and no more than 3 months apart:</p>
<blockquote><p><em>&#8220;In the digital transformation journey, our customers’ exposure change requires the implementation of robust security capabilities to mitigate risk-shift and enable the business’s vision. It is crucial for businesses to invest in staff cybersecurity awareness training because more often than not, your employee serves as the middleman between a cybercriminal and your organization. Your employees need to be able to recognize the warning signs and avoid opening suspicious emails.&#8221;</em> adds Kunev.</p></blockquote>
<p>If you don’t know how to organize staff cybersecurity awareness training, <a href="https://3cyber-sec.com/contact-us/">you can always contact us for advice</a>. 3Cyber-Sec’s team is composed of certified cybersecurity consultants, who can help you stay safe in the cyber world. We are determined to craft a tailored security solution for your specific needs.</p>
<p>The post <a href="https://3cyber-sec.com/2021/06/21/experts-talk-what-is-phishing-and-how-can-you-spot-it/">Experts’ Talk: What Is Phishing And How Can You Spot It?</a> appeared first on <a href="https://3cyber-sec.com">3Cyber-Sec</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://3cyber-sec.com/2021/06/21/experts-talk-what-is-phishing-and-how-can-you-spot-it/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
	</channel>
</rss>
