Security firms slow to react to spear phishing like that used in China hack



Antone Gonsales at the CSO site hits the nail on the head: "Email security vendors have failed to do enough to protect customers against advanced cyberattacks like the one recently linked to the Chinese military, experts say.



"Vendors have needlessly left customers exposed to spear phishing, which is the most effective way hackers have of penetrating corporate networks. The technique involves scouring the Web for information related to the target in order to craft an email most likely to trick the person into clicking an attachment or visiting a malicious website.



"The players that have had email and Web security solutions have failed at their job," Rick Holland, an analyst at Forrester Research, said on Wednesday.



The result has been successful spear phishing-based cyberattacks like the one recently uncovered by Mandiant. The security vendor this week released a 60-page report that traced an advanced cyberespionage operation to a Chinese military unit.



Researchers at the Georgia Institute of Technology are working on analytics that they hope will one day be able to spot bogus email and warn recipients. Before starting the project, research scientist Andrew Howard investigated the market last year and found only one vendor that he believed had reliable analytics.



"
The technologies available out there to help with this problem are severely inadequate," Howard said.



Which brings me to the point of all this. An essential part of your 'defense-in-depth' strategy is security awareness training because your security software cannot keep up with the bad guys.



Full article here.








Subscribe To Our Blog


New call-to-action




Get the latest about social engineering

Subscribe to CyberheistNews