By Andrés Kohn, VP of technology, Proofpoint, Inc.
The Internet has become more treacherous than ever in the twenty-first century. The vision of a lone hacker operating out of a basement is hopelessly out of date. Today, a well-organized data theft industry exists, complete with hierarchies, well-defined roles for participants, and established global supply chains. Employee behavior can play a major role in defeating the data theft industry, and therefore education is crucial. There are two times when employees should exercise special care: when they receive or send email, and when they access the corporate network, whether for their email or an application.
Email: Inbound Threats
Email is the fundamental mode of communication in today’s business world, and as such is a wide-open path into the depths of an organization. This also makes it the launch pad for enormous volumes of malware or phishing messages and, recently, an alarming number of targeted attacks. These sophisticated “spear phishing” attacks target executives and high-level IT managers with cleverly disguised messages that often appear to have come from a friend or co-worker and contain personal information (often gleaned from a social network) that further creates an impression of authenticity. They also contain links to malicious URLs that enable the theft of network credentials or the surreptitious download of malware, allowing cybercriminals to gain a foothold that leads to the eventual loss of everything from intellectual property to clients’ personal information such as credit card and personal identification numbers.
Employees need to be trained never to click on suspicious links. In the era of spear phishing, this is not an easy task.