In a presentation at the Intelligence & National Security Summit, Bill Evanina, Director of the National Counterintelligence and Security Center (NCSC), announced, "There have been just over 500 breaches so far this year, some of which made the news, and 47 percent of adult Americans have been the victim of a breach in the last three years."
He is right: in 2015, U.S. organizations are seeing a significant spike in hacking incidents, more than the previous two years combined. Over 122 million records were breached from hacking alone, not counting all of the other incidents that led to sensitive information being exposed. That stolen data is an opportunity for criminals, who now have enough personal information on half of your users to create very convincing spear phishing attacks, using Big Data technologies to merge and append stolen information into highly detailed profiles of your employees.
They have access to credit card data, health care info, social security numbers, DMV records, purchase records, social media preferences, and more. This information is now being used to create automated spear phishing attacks on a massive scale by two different types of bad guys: Eastern European cyber mafias and Chinese state-sponsored hackers, also known as Advanced Persistent Threats.
Somewhat oversimplified, the Russians are after your money and the Chinese are trying to spy on you and steal your intellectual property, but both groups often use the same illegally obtained data to reach their goals. Either way, the fact that half your employees are now spear phishing targets should give you pause and illustrates the need for defense-in-depth, which starts with effective security awareness training.
Your end-users are the weak link in your network security. Now, more than ever, your employees are exposed to advanced phishing attacks. Trend Micro reported that 91% of successful data breaches started with a spear-phishing attack.
A survey of IT pros showed that “end-users” wound up at the #2 spot of “System Admin Hate Votes”, right after “no documentation”. And indeed, untrained end-users generate tons of support tickets. Here is a whitepaper that explains the problem of spear-phishing and how Advanced Persistent Threats use this attack vector against organizations with devastating consequences.