Forbes published an article on Wednesday, August 12th, called “6 Observations About Cybersecurity Based On Two New Surveys.” Between the PricewaterhouseCoopers (PwC) and Black Hat surveys, roughly one thousand executives participated. One of the most telling, and scary, statistics was that a full half of those surveyed don’t conduct periodic cyber security awareness and training programs, or cyber security training for new employees. With almost 80% of those surveyed saying they’ve experienced an incident/attack in the last 12 months, it only makes sense that the first impulse is to turn to technology solutions. But that still leaves the biggest culprit, and the most fallible when it comes to strong cyber security, largely unchecked – the human element.
In the cyber world, hackers looking to land a white whale often start with one little phish.
“This should serve as a serious wake-up call,” says Joe Caruso, founder and head of Global Digital Forensics (GDF), a premier national provider of cyber security solutions and digital forensics services headquartered in New York City, “because raising social engineering awareness enterprise-wide is probably the most important thing an organization can do to secure their ESI (Electronically Stored Information) and other digital assets. Just about everyone has antivirus solutions running to stop many threats, and many organizations have personnel or vendors at least trying to hold the fort, so a majority of threats are actually thwarted. But the nasty ones, the ones that make punchlines of globally recognized companies and cause smaller businesses to close up shop every day, a vast majority of those all started with social engineering, typically in the form of phishing or spear phishing emails. And recently, boiler room operations that combine old-school phone rooms with evolving cyber attack techniques have been getting increasing play as well. But if everyone in an organization isn’t up to speed on what to watch out for on the social engineering front, and taught ways to better secure themselves, and by extension the organization, it’s all for naught.”
Professional help from those in the know.
“We’ve been in the cyber security game for a long time,” Caruso says. “We know what hackers have done in the past, and how they are evolving today. That’s why we designed our vulnerability assessments and penetration testing with a strong focus on social engineering. We’ll of course identify and help rectify any technology, policy or procedural weaknesses, but we’ll also go the extra step of designing a full-scale social engineering attack. We like to use phishing and spear phishing campaigns the most, because they are the vectors that compromise the most networks. When hackers get their hands on the master keys to the network, the sky is the limit for them, and exactly the opposite for the victim. We take great pride in never having failed to breach a network we’ve been hired to test. And we take just as much pride in watching the lessons they learn through the results of the assessment and testing process make them much stronger on their cyber security front going forward. And if a client wishes, we can help in other ways on the training front too.”
View the original content and more from this author here: http://ift.tt/1MpDRne