A front-page article in the Wall Street Journal describes the escalating arms race for a possible cyberwar. The article is a great way to give C-level execs a crash course in cyber-risks and help them understand the need to increase their IT security (InfoSec) budget. The WSJ illustration (above) mentions phishing as one of the ways that foreign adversaries penetrate your network. I strongly recommend you send this link to all execs in your organization with the request that they take 15 minutes and really read it.
They started out with: "Countries toiled for years and spent billions of dollars to build elaborate facilities that would allow them to join the exclusive club of nations that possessed nuclear weapons. Getting into the cyberweapon club is easier, cheaper and available to almost anyone with cash and a computer.
"A series of successful computer attacks carried out by the U.S. and others has kicked off a frantic and destabilizing digital arms race, with dozens of countries amassing stockpiles of malicious code. The programs range from the most elementary, such as typo-ridden emails asking for a password, to software that takes orders from a rotating list of Twitter handles."
A little further down they talk about China using phishing to get into U.S. networks:
"Cyberarmies tend to be integrated with a country’s military, its intelligence services, or both, as is the case in China and the U.S. In China, hackers are famous for the relatively low-tech tactic of “phishing”—sending a flood of disguised emails to trick corporate employees and government bureaucrats to letting them into their networks.
"The U.S. suspects that is how they penetrated the Office of Personnel Management, using a phishing email to breach an OPM contractor and then crack the agency’s network. The records of more than 21 million people were exposed in the 2014 and 2015 data breach, disclosed this summer. China has said it wasn’t involved. China’s army has divisions devoted to cyberattacks, and recent evidence shows links between the country’s military and hackers who appear to be pressing the country’s interests abroad."
The report covers major hacks such as those against Sony, Saudi Aramco and the Las Vegas Sands casino, where destructive malware was used to cause physical damage. This short summary does not do justice to that excellent article, which I really think everyone in management should read.
Security Awareness Training is really needed for every employee in any organization. It allows you to put in place a more effective human firewall and protect your corporate and financial assets. Find out how affordable this is for your organization and be pleasantly surprised.