Dealing with Phishing and Ransomware the Right Way

Phishing and ransomware are crucial concerns for any organization, be it an SME or a multinational. They can rob or disable access to corporate or personal finances, sensitive employee data and much other information of great value to the organization.

PCQuest - Anshuman Singh, Senior Director Product Management, Barracuda Networks

Both ransomware and phishing attacks and their various variants – spearphishing/whaling and CEO Fraud/Business Email Compromise (BEC) – are creating havoc across the globe and are major concerns today. According to an IEEE survey of CIOs and CTOs from the U.S., U.K. and India, online security threats will be the biggest challenge for them in 2017. This is why both ransomware and phishing are critical problems that every organization must address through a variety of means: user education, security solutions, vulnerability analysis, threat intelligence, good backup processes, and even common sense.

The scale of the problem

Research from Osterman Research, commissioned by Barracuda Networks, anticipates that both phishing and ransomware attacks will continue to increase as they have for the past several years. Phishing emails containing links intended to spread ransomware will only increase in 2017. More than individuals, it will be organizations that are on the radar as the primary targets of phishing and ransomware.

Additionally, according to the latest APWG report, the total number of phishing attacks in 2016 was 1,220,523, a 65% increase over 2015. The report also notes that phishers concentrated on fewer targets during the holiday season, and hit fewer lower-yielding or experimental targets.

How can one minimize damage?

• Know the risks – Decision makers must be able to foresee and understand the risks, not only from phishing and ransomware attacks, but also from a growing variety of threats across all of their communication and collaboration systems.

• Up-To-Date Systems – Operating system vulnerabilities can allow cybercriminals to successfully infiltrate corporate defenses. As such, systems should be updated from time to time.

• Install Anti-Phishing and Anti-Ransomware Solutions – The latest solutions that can detect phishing attempts, ransomware and a variety of other threats should be installed on-premises or in the cloud, such as Barracuda Email Threat Scanner, Barracuda NextGen Firewall and Web Application Firewall.

• Careful User Behavior – Employees should be trained on the sensitivity and importance of the issue and on best practices for tackling it. Though merely training users won't be enough, it will definitely act as the first line of defense in the security infrastructure.

• Sturdy Threat Intelligence – Organizations should adopt real-time threat intelligence to minimize the risks of the threat. They need to be a step ahead. Threat intelligence can also be used proactively by security analysts and others to investigate recent attacks and discover previously unknown threat sources.

Cybercriminals are becoming more sophisticated in their use of social engineering techniques to lure more end users into downloading malware, and it is only a matter of time before IT organizations find themselves routinely dealing with these attacks. Phishing and ransomware are very serious threats that can cause enormous damage to an organization's finances, data assets and reputation. However, employing Barracuda solutions such as Email Threat Scanner, NextGen Firewall and Web Application Firewall, and understanding the gravity of the problem, can surely safeguard you and your organization from ransomware and phishing, thus minimizing the damage.
