Tag: Data Breach

Categories
Security

Study Finds Social Media Phishing Scams to Be the Most Dangerous

b2ap3_thumbnail_employee_misuse_causes_problems_400.jpg Ordinary fishing, where you hope for a simple-minded fish to latch onto your hook, relies on using a proper lure. The same can be said for the virtual method of phishing, where a hacker will use a similar type of “lure” to convince the target to bite. These phishing scams are especially useful for hackers who want to take advantage of social media to find new targets. A recent study has shown that this is a surprisingly effective method of phishing.

A report from phishd by MWR InfoSecurity orchestrated a simulated phishing attack that attempted to target a million users. ITProPortal told of their findings: “Almost a quarter of users clicked a link to be taken to a fake login screen. Out of that number, more than half (54 percent) provided user credentials, and 80 percent downloaded a file.”

This means that about 10 percent of users fell victim to the first two stages of the simulation and gave up their account credentials. Now, compare this rate to how often a normal scam, like spam, accomplishes its goal. While the typical spam message will only have a fraction of a percentage point rate of success, social media provides a substantially larger chance of success to hackers.

James Moore, the Managing Director of phishd by MWR InfoSecurity, states: “More concerning is that out of those targeted with a social media request or a promotional offer, more than 10 percent downloaded a potentially malicious file via their corporate email accounts.” This is especially a problem, as there are so many people who connect their social media accounts to their work accounts–risky business for any organization that wants to avoid a critical data breach.

If anything, this study shows why your business needs to keep data safe. This includes being capable of identifying phishing scams and responding to them properly, but also the implementation of security tools like antivirus, spam blocking, and content filtering. If you’re very concerned about social media phishing, you can go so far as to block social media websites completely on your network. Additional measures such as comprehensive training can help your users identify phishing attacks both in and out of the office, on a variety of platforms. Often times, the lures used by hackers can be so tantalizing that they’re able to bypass your security, so the only thing standing between you and a data breach is the knowledge you’ve imparted to your users.

You can’t trust anyone on the Internet, be it a new friend on social media, a new entry into your address book, or a seemingly-legitimate website. You have to be ready for anything, but this can be a daunting task. Thankfully, you don’t have to endure it alone. With COMPANYNAME by your side, you’ll be prepared to handle any cyber threat. To learn more about what we can offer your business, reach out to us at PHONENUMBER.

Categories
Alerts

Alert: LastPass Vulnerability Found. Is Any Password Manager Safe?

b2ap3_thumbnail_last_pass_leak_400.jpg Thanks to one of Google’s researchers with the Zero Day Project, it has been discovered that LastPass has a major vulnerability as a result of a major architectural problem. This news comes on the heels of many other flaws the same researcher discovered within LastPass. However, based on what the researcher claims, these vulnerabilities were much less serious than his latest discovery.

After having “an epiphany in the shower,” Tavis Ormandy realized that the latest version of the password manager’s browser extension is subject to a flaw that allows some malicious websites to have their way with the user’s system. Otherwise, the vulnerability allows malicious websites to steal the user’s passwords from behind LastPass’ protections. Unfortunately, this vulnerability seems to be present in the extensions for every major browser on Windows and Linux, and is most likely present for Mac users as well.

Making this vulnerability even more significant, the vulnerability only requires the extension to be installed in order for it to be exploited. A user could be logged out and still be subject to receiving malicious code from the website they’re visiting.

To their credit, LastPass is committed to resolving this issue, acknowledging Ormandy’s report a mere hour after he submitted it. Two days later, LastPass released a blog post going over these events and offering a few recommendations:

  • Launch websites from the LastPass vault: To retain the highest level of security as possible, it’s better to access websites from the LastPass vault itself.
  • Use Two-Factor Authentication wherever possible: This will add an extra layer of security to prevent leaked credentials from granting easy access to your accounts.
  • Keep an eye out for phishing attacks: Clicking on a malicious link is a great way to hand over your access credentials to malicious entities, so before you click on a link in a received message, take a moment to ask yourself if the link makes sense to be coming from who allegedly sent it.

LastPass has also been vocal in their appreciation for people like Ormandy finding issues like these before they are found the hard way. According to Joe Siegrist, cofounder and vice president of LastPass, “We greatly appreciate the work of the security community to challenge our product and uncover areas that need improvement.

LastPass now has 90 days before Ormandy and Project Zero release the technical details as part of their disclosure policies. In the meantime, it would be prudent to take LastPass’ advice to heart for the sake of your own network security.

To ensure your credentials are protected, and to schedule a full security audit, contact COMPANYNAME at PHONENUMBER. 

Categories
Security

20% of Customers and Revenue are a Lot to Lose From a Single Data Breach

b2ap3_thumbnail_business_data_breach_400.jpg Data breaches are common problems for businesses of all shapes and sizes. In fact, they often have huge repercussions that aren’t initially seen in the heat of the moment. How can you make sure that a data breach won’t negatively impact your business, even well after you’ve fixed the initial problem?

Cisco, for example, claims that out of all companies that experienced a major data breach in 2016, over one-third of them lost more than 20 percent of their customers, opportunities, or revenue. This clearly shows that your business has far more than just data on the line when it comes to cybersecurity. Simply put, by not taking measures to keep your organization secure, you stand to put the future of your business itself at risk.

This makes sense, especially when you consider a consumer’s natural reaction to a poor experience with a specific vendor or brand. If you were a customer at a store that experienced a major data breach (one in which your financial information was stolen), would you still want to shop there? Many organizations will reassure their customers that the vulnerability has been resolved, and some might even offer to make amends for their careless handling of customer data. Yet, sometimes even this isn’t enough to retain customers, and often times, you won’t find this out until it’s too late.

As a small business owner, can you imagine what it would feel like to lose as much as 20 percent of your current clientele? Large organizations might have enough resources and offerings to make the loss seem more manageable, but chances are that a 20-percent loss would be a huge hit for any smaller organization.

Furthermore, it’s likely that such a loss of customers, opportunities, or revenue would affect long-term growth. If your organization loses 20 percent of its customers, that’s not just lost business for you–that’s a whole bunch of customers who won’t recommend your organization to new clients. What’s worse, they may even tell others about your business, but not in the way that you want them to. Before you know it, you’ll have former customers telling their contacts all of the ugly details about their experience with your business, data breaches notwithstanding.

In other words, not only does a data breach represent a loss of revenue, but also a loss of potential resources that could be utilized to further advance your business in the future.

Thus, a relatively small issue could transform into a major problem that puts the future of your business in jeopardy. Cisco also found that the following problems were concerning for organizations that experienced a data breach:

  • Cyber threats in 2016 increased in power and sophistication.
  • Cybersecurity efforts by organizations aren’t able to investigate all of the alerts they get in a single day (56 percent is the average).
  • However, despite cyber attacks growing in complexity, hackers still utilized “classic attack methods seen in 2010.”

Cyber threats continue to evolve into bigger, more dangerous threats that are harder to counter and prepare for. Despite this fact, it’s still your responsibility to make sure that any potential data breach doesn’t spell the end for your enterprise. It’s clear that, in order to guarantee the success of your business’s future, you need to implement powerful and focused security solutions designed to prevent breaches in the first place.

COMPANYNAME can help your business implement technology solutions designed to limit breaches and manage risk more effectively. With a Unified Threat Management device and remote monitoring and management service, you will have little to fear. To learn more, reach out to us at PHONENUMBER.