The modern cyber threat landscape is a frightening place. What better time than Halloween to assess the threats in your environment and your ability to thwart them.  

Modern hackers have an arsenal to trick unsuspecting individuals and computers into giving them access and information. Some schemes — like phishing — prey on people’s trust.  But an educated workforce, combined with strong security solutions, can help you stomp out these wicked plots before they take traction.  

Phishing

Phishing relies on deception.  Cyber criminals don a costume of sorts — by cloaking themselves in the guise of a legitimate, trusted entity. By using elaborate emails and fake websites, they fool their unwitting victims into volunteering sensitive information — and even money.   

Half the battle is recognizing where these threats are coming from. Here are some types to watch for:

  • Deceptive phishing involves sending a message pretending to be from a trusted source. The message often makes an urgent request for a payment or asks to verify account information.

  • Spear phishing is more personalized and targets someone specific, using information gleaned from places like social media.

  • Pharming involves creating a fake website, hijacking another website’s domain name, and sending unsuspecting visitors to the fraudulent site.

Whaling

Some cyber criminals aren’t content to feast on little fish, so they go after the biggest creature in the sea. With these so-called whaling scams, criminals use extensive surveillance and research to learn about company culture and use customized emails and websites to target a specific end user. One tactic is to create an email that looks like it’s coming from the CEO’s account and make a request for funds or information.

Whaling scams are lucrative and widespread.  According to the FBI, between October 2013 and February 2016, there were 17,642 reported victims, which amounted to $2.3 billion in losses.

Evasive Malware

Malware is often spread through phishing emails. To survive, malware needs to avoid detection, and a new sophisticated strain does just that. It’s able to identify when it’s in a cybersecurity test environment and not look suspicious until it’s deemed safe and released into the network.   

Prevention

Employees are a crucial line of defense, so set clear rules to govern online behavior.  Employees should:

  • Be careful what they install.

  • Follow good password practices.

  • Watch out for suspicious links, tweets, posts and attachments.

  • Backup work.

  • Speak up if they see something unusual, or receive an odd request—even if it’s from someone in the C-suite.

Of course, scary cyber attacks aren’t solely linked to human error. People and technology need to work together to fight the nefarious tricksters.

In addition to a diligent workforce, you need behind-the-scenes security solutions to prevent, detect and mitigate phishing and malware threats. Our security framework uses a combination of technologies such as firewalls, secure email gateways and sandbox technology to detect and block threats and respond if there’s a breach.

Get deep insight into your security posture and network activity to decrease your vulnerability to even the trickiest of modern cyber threats. Contact SpartanTec to learn about the advantages of performing a cyber threat assessment.