As much as security is being updated for electronic communication, some areas almost seem to be losing ground. The article below reflects this.
Jen A. Miller
CIO | Sep 3, 2014 4:13 AM PT
Email Security Still a Struggle for Most Companies
Banks and social media firms have taken steps to protect their customers from email
scams, according to recent research. However, the travel and healthcare
industries remain vulnerable. All the more troubling: Spam and phishing show no
signs of going away.
Is that email really from your bank
or airline? Or a hacker pretending to be?
Research from Agari, which
provides email security and threat intelligence tools, shows which industries
are constantly under attack – but deflect those attacks – and which industries
still get a failing grade as they face increased hacker attention.
"Email is one of the criminal's
best friends, and one of the most common ways that criminals use to go after
their victims," says Patrick Peterson, founder and CEO of Agari. Hackers impersonate brands and try to
get you to give them information in return, such as a username and password.
Agari's quarterly report, which
looks at 147 companies across 11 industries, evaluates two things. There's the
TrustScore, which looks at the highest-volume email-sending domains for a company
and then analyzes their implementation of common email authentication
standards, including DMARC, DKIM and SPF.
Then there's the ThreatScore, which calculates the volume of spam and
potentially malicious email sent by hackers masking themselves as a certain
company.
Your Bank Is Still a Target for Hackers
From the first to second quarter,
Agari found an 8 percent improvement in trust scores across all industries.
However, attacks against what Agari calls "mega banks" remained high.
"Attackers are looking to
monetize," says Trey Ford, global security strategist for IT security firm
Rapid7. "What's easier to monetize
than cash? If I can act like I'm some major bank and get you to sign into my
fake webpage, I can log in as you and move money around."
Because of this increased attention,
banks have also adapted to protect their consumers against these threats,
Peterson says. CapitalOne and JP Morgan Chase even appear in the so-called
Agari 100 Club, which is reserved for companies that receive a TrustScore of
100. Facebook and Twitter also fall in that group.
"Social media and banks used to
be some of the criminals' favorite targets," Peterson says. Those
industries have come a long way in their efforts to protect consumers. People
now know how to tell if an email from a financial institution "looks a
little funny" and shouldn't be trusted, he adds. "Criminals found out
that those were much harder targets to impersonate."
That hasn't stopped the criminals,
though – JP Morgan and other banks were allegedly hit by
Russian hackers last week in an attack that may have been
politically motivated.
Email Hackers Now Hitting Travel, Healthcare
So where did criminals turn? The
travel industry. It experienced an 800-percent jump in threats between the
first and second quarters of the year. Agari's report says travelers are
"natural" targets for social engineering, a type of security
intrusion that plays on human behavior and emotion.
"As criminals started to look
for a new weak link, they found that travel was incredibly successful,"
Peterson says. "They've been plowing a lot of their efforts and
investments into making more and more improvements spoofing an itinerary."
In a 2014 scam, hackers pretended to be Delta Airlines,
emailing consumers to say, "Your credit card has been successfully
processed," and to provide flight information. Peterson also points to
large-scale attacks using Expedia, Airbnb and Booking.com as fronts – all with
the goal of either getting your log-in information or installing malware on
your machine.
Ford says he's not surprised – not
just because of the potential information that hackers can get through setting
up fake travel-related sites but because of what travel does to people. Road
warriors who frequently travel for work have lowered their barriers, Ford says:
"When you get really tired, you do stupid things."
Mobile devices and travel don't
always mix well, either. Ford says he's "fairly aggressive" in the
security setup of his laptop, but "when I read an email on my phone, I
don't have all of those controls. I'm a lot more vulnerable to phishing and
[other] attacks – especially when I'm tired."
The good news is that airlines
specifically had a 17-percent jump in their TrustScores. "It's very easy
when you start from zero to make 17-percent progress," Peterson says, but
he points to Delta as a "breakout star" for reacting quickly and
effectively after being targeted.
Healthcare also performed poorly,
earning the lowest TrustScore out of all industries. Out of 14 healthcare
companies analyzed, 13 were classified as easy targets for cybercriminals,
suggesting that healthcare security remains lax.
Email Security a Modern Game of Whac-a-Mole
Overall, the TrustScore for the
companies that Agari studied increased 8 percent in the second quarter.
Peterson describes it as a "sea change," adding, "These are big
companies. Making changes is hard for them."
As the major banks learned, however,
that doesn't mean these attacks will stop. "Criminals have so many tricks
up their sleeve," Peterson says, "and have a new one every day."
Progress is good, but big companies
still need to be on alert for whatever's next.
"Spam is a problem and we still
don't have it solved. Phishing is a problem and we still don't have that
solved," Ford says. "These [hackers] are businessmen and
businesswomen. They're incentivized to be successful. They're going to keep
reiterating this game of cat and mouse."
============================================
In addition to this blog, I have authored the premier book on
Netiquette, "Netiquette IQ - A Comprehensive Guide to Improve, Enhance
and Add Power to Your Email". You can view my profile, reviews of the
book and content excerpts at:
www.amazon.com/author/paulbabicki
If you would like to listen to experts in all aspects of Netiquette and communication, try my radio show on BlogtalkRadio and an online newsletter via paper.li. I have established Netiquette discussion groups with LinkedIn and Yahoo. I am also a member of the International Business Etiquette and Protocol Group and Minding Manners, among others. I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts, and I have been contributing to the blogs Everything Email and emailmonday. My work has appeared in numerous publications and I have presented to groups such as The Breakfast Club of NJ Rider University and PSG of Mercer County New Jersey.
==========================================