On the Cybersecurity Front Lines: Defending Against Phishing and Social Engineering Attacks
Oct 7, 2015 8:21am
For any business computer connected to the Internet, it’s not a matter of if but when it will come under attack. Cyber attacks today cost companies an average of $2.6 million per incident! The silver lining of these recent breaches is that businesses are starting to realize that they can’t afford to ignore security. But incorporating cybersecurity as a priority into an organization’s everyday practices requires a cultural shift. A culture of cybersecurity grows out of awareness built through education.
A big topic of discussion among cybersecurity experts at the recent PCI Security Standards Council Payment Security Forum in Vancouver was that phishing and social engineering attacks are increasingly at the heart of today’s most serious cyber hacks, which put businesses and consumers at risk. In fact, every day 80,000 people fall victim to phishing scams from 156 million phishing emails sent globally ‒ 16 million of which circumvent spam filters ‒ resulting in 8 million scam emails being opened. Cybercriminals target organizations using specially crafted, seemingly legitimate-looking emails and social media messages designed to trick employees into providing confidential data that can be used for fraud. Thirteen percent of the annual cybercrime cost globally for companies is due to phishing and social engineering.
The good news is that with a few security basics and ongoing vigilance, businesses can stay aware of and defend against these attacks. According to Ponemon, training that helps employees spot phishing attacks and other related threats could help cut down costs by nearly $2 million! Let’s look at a few key tips on protecting against social engineering attacks that should be part of your business’ cybersecurity culture.
Attackers love to send phony emails with attachments containing malicious software that infects your computer systems. Reduce unwanted email traffic by installing and maintaining basic security protections, including firewalls, antivirus software and email filters.
Train employees and users on email and browser security best practices, including these key tips:
Website and Software Security
Hackers often browse websites where users voluntarily or involuntarily trigger vulnerabilities in Flash and Java that open them up to attack. In fact, 99.9 percent of data breaches reported by Verizon last year resulted from hackers exploiting bugs like these, for which patches had been available for at least a year.
Use basic security tools that block malicious intruders and alert you to suspicious activity, including firewalls and antivirus, malware and spyware detection software. Regularly check that web browsers and security software have the latest security patches and updates.
Train employees and anyone who uses a computer on website and browser security best practices, including these key tips:
“Password1” was the most common password used by businesses in 2014. Criminals prey on weak credentials to break into a system by using unauthorized usernames and passwords.
To protect against this type of hack, businesses and employees can follow these steps to practice good password hygiene:
Shifting to a culture of cybersecurity does require a change to how you do business-as-usual. The change starts with awareness and education – prioritizing email, website and password security is a good place to start. Check out and share this quick resource guide on Defending Against Phishing & Social Engineering Attacks. For more information on how to make security an ongoing priority for your business with the Payment Card Industry (PCI) Data Security Standard (DSS) and other PCI Council resources, visit pcisecuritystandards.org.
About the Author
Laura Johnson executes integrated communications strategies that inform, educate and help PCI Security Standards Council stakeholders take advantage of PCI SSC programs, resources, research and initiatives. Her background includes more than 12 years of global communications and public relations client-side and agency experience in information technology, research and public policy. Ms. Johnson is a graduate of Gordon College and the Institute on Political Journalism.