The security you implement for your organization can make or break the success of your company. It’s always best to get it right the first time, but unfortunately, that’s not always the case. In most cases, companies only begin working on security protocols once a situation has occurred.
Think of your organization as a medieval castle – if all the bricks are in the correct place, the castle is fully protected and can’t be demolished. But if even one brick is out of place, your entire castle can come down, and your enemies are always aware of this.
You will always be left having to examine every single brick to make sure they’re all in the correct place, while for the enemy, it’s an easy take-down. So, take this opportunity to get ahead of the game to protect your organizations and clients.
Phishing – Not the Fun Kind
Whether or not you have heard of phishing attacks or social engineering before, you’ll be surprised to learn how common they are. In 2021, the online industries most targeted by these attacks included financial institutions, at 24.9%, social media, at 23.6%, SaaS/Webmail, at 19.6%, and payments at 8.5%. As technology advances, so do most phishing attacks. So what are some phishing attacks that you can watch out for, and what can you do to protect yourself?
Most phishing attacks arrive by email. The attacker imitates a person or organization you’re already working with, so the message seems ‘normal’ to you. In most of these attacks, the intruder is trying to get you to click on a link that either delivers malware to your device or leads to a page where you enter personal information that is then stolen. Let’s look at what email phishing and spear phishing are and how you can avoid them.
Email phishing scams
This type of attack is untargeted: it is sent out to thousands of people in an attempt to gain personal and sensitive information. Because these attacks are random, the attacker knows almost nothing about the victim, which makes them a good opportunity for script kiddies to carry out.
Typically, you receive an email from an unknown person, and in the subject line or body of the email, there will be a sense of urgency and a request for action to keep your account open. When you open this email, you see it’s addressed in a general manner rather than specifically to you and tells you to open the attached link and enter personal information.
Once you enter your details, the attacker has your credentials and can try them on other sites, essentially creating a domino effect.
Spear phishing scams
Spear phishing, on the other hand, targets a specific person or organization. Due to the nature of these scams, the attacker must know more specific details to complete a successful attack. In these cases, the attacker will imitate someone within the organization, so the email comes off as ‘normal’ and asks the receiver to log in with their credentials to view ‘company’ documents. At this point, the attacker holds personal credentials and can use them to reach other company files and systems and extend the attack.
Unlike email phishing, which is carried out primarily by script kiddies, spear-phishing attacks require more detailed information about the target, so they are more often carried out by professional hackers.
How to Protect Yourself
To minimize the chances of getting hit by these types of attacks, whenever you receive a suspicious email, try to reach out to the sender directly (through a channel you already know, not by replying to the email) and find out whether they sent it, or check the website the email supposedly came from to see if anything is out of the ordinary.
In addition, you can examine the sender’s email address to see whether it looks legitimate, i.e., using .com and not .con. You can also hover over any links or attachments within the email to see whether the actual link target matches what is shown. Lastly, check the content of the email itself. If the email is addressed generically when a genuine message would normally address you by name, you should be able to identify it as a phishing attack.
At the very least, if you see any of these signs, do not click on any links or open attachments. If the email claims to come from a system that holds sensitive information (such as a payment platform, for example), it’s better never to open the links and instead navigate directly to the website and find the relevant area manually within the platform.
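The manual checks above (the look-alike sender domain, and link text that does not match where the link really goes) can be applied mechanically to an email’s HTML body. The following is an added example and not code from the original post; the trusted-domain list and the sample email are constructed placeholders.

```python
"""Added example (not from the original post): automate the link checks from
the section above over a constructed HTML email body."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed: the domains your organization and its vendors actually use (placeholders).
TRUSTED_DOMAINS = {"example-bank.com", "example-payments.com"}

def registrable_domain(host: str) -> str:
    """Crude last-two-labels domain: 'login.example-bank.com' -> 'example-bank.com'."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in the body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_links(html_body: str) -> list:
    """Return (href, reason) findings; an empty list means nothing looked suspicious."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        domain = registrable_domain(host)
        if domain not in TRUSTED_DOMAINS:          # catches '.con' look-alikes and bare IPs
            findings.append((href, f"link host {host!r} is not a trusted domain"))
        # If the visible text itself looks like a URL, its host must match the real target
        shown = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", text.lower())
        if shown and registrable_domain(shown.group(1)) != domain:
            findings.append((href, f"text shows {shown.group(1)!r} but link goes to {host!r}"))
    return findings

# Constructed sample: one '.con' look-alike with misleading text, one legitimate link,
# and one link to a bare IP address hidden behind a call to action.
SAMPLE_EMAIL = """<p>Your account will be closed in 24 hours.</p>
<a href="https://login.example-bank.con/verify">https://login.example-bank.com/verify</a>
<a href="https://example-payments.com/help">Help centre</a>
<a href="http://203.0.113.7/login">Update your payment details</a>"""
```

Running `check_links(SAMPLE_EMAIL)` yields three findings: two for the `.con` link (untrusted host and text/target mismatch) and one for the bare IP address; the legitimate help-centre link produces none.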
In suspicious situations, send as much information as possible to your IT/security department and mark the email as spam. By going this route, you’re giving your teams the ability to be aware of the situation and better plan for the future.
Bug Bounty Programs
Bug Bounty Programs are what they sound like – they are programs offered by many organizations to encourage hackers to report vulnerabilities and bugs rather than exploiting them. Hackers, aka white hats, will receive payment as they report bugs. The vital aspect of this program is that by locating bugs, websites and organizations can further improve their product before the public sees it and better protect themselves.
Ideally, it’s best to run these programs before a system is launched to production, where it becomes exposed to attacks. Although the reward given to the white hats might be large, it will undoubtedly be less than what it would cost to fix an issue once the system has been hacked. In most cases, it’s more cost-effective to use bug bounty programs than to wait for an incident to occur.
Bug bounty programs are one component of a security program, but they shouldn’t be the only one. Now it’s time to understand what your organization has implemented, and whether it’s enough.
What’s unique for your organization?
The best way to avoid security breaches is to ensure your defenses are unique to your organization rather than an imitation of what other companies in your industry are doing. Once a hacker understands what your competitors are doing, it’s easier (and more likely) for them to hack your system too. So, you want to implement individualized procedures. There are two approaches to compare:
- By creating signatures that target specific malware, companies will always be in a state of catching up, because they’re focused on that malware version and not the next one. You’ll continuously detect things that have already hit others before you, but not if you’re the first one to get hit.
- By writing rules based on your organization’s norm, you’ll be implementing alerts that fire whenever anything deviates from the standard. This allows you to stay on top of any possible hackers trying to get into the system.
When setting up your company’s security program, it’s recommended to consider how a hacker might approach your employees and organization. You’ll want to intentionally do things differently, making it very difficult to hack the system. You’ll also want to consider proper network segregation, proper inspection of content (to and from users), and analytics that detect anomalous user behavior.
Now it’s important to mention that there may never be complete protection or a perfect solution out there, but you want to do the best job you can for your organization. More importantly, you always want to be better than your neighbors – at that point you’ll be safer, and better than your organization was yesterday.
Where does your company stand?
In the end, according to security professionals, there are two company types out there – ones who don’t know they’ve been attacked and ones that do.
By implementing rules and alerts in your system that reflect the norm, you’ll always be notified of any suspicious activity, and you can catch it before it gets to later stages where it’s more dangerous.
By understanding the norm in your company, you can write rules against it, and whenever an event falls outside that standard, an alert is raised.
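The "rules for the norm" approach described in the list above and in this section, as an added example that is not code from the original post: a per-user baseline is built from constructed login records, and each new event is compared against it rather than against a signature of any known attack. The log format, field names and sample events are assumed.

```python
"""Added example (not from the original post): build a per-user 'norm' from
baseline login events and alert on anything that deviates from it."""
from datetime import datetime

# Constructed baseline records in an assumed "timestamp user country" format.
BASELINE_LOG = """\
2021-03-01T08:12:00 alice IL
2021-03-01T09:03:00 alice IL
2021-03-02T08:45:00 alice IL
2021-03-01T10:30:00 bob US
2021-03-02T11:10:00 bob US
2021-03-03T09:55:00 bob US"""

def parse(text):
    """Yield (timestamp, user, country) for each record in the assumed format."""
    for line in text.strip().splitlines():
        ts, user, country = line.split()
        yield datetime.fromisoformat(ts), user, country

def build_norm(log):
    """Per user: the countries they log in from and the hours they log in at."""
    norm = {}
    for ts, user, country in parse(log):
        entry = norm.setdefault(user, {"countries": set(), "hours": set()})
        entry["countries"].add(country)
        entry["hours"].add(ts.hour)
    return norm

def check(event_line, norm):
    """Return alert strings for one new event; an empty list means it fits the norm."""
    ts, user, country = next(parse(event_line))
    entry = norm.get(user)
    if entry is None:
        return [f"{user}: first login ever seen for this account"]
    alerts = []
    if country not in entry["countries"]:
        alerts.append(f"{user}: login from {country}, usual {sorted(entry['countries'])}")
    lo, hi = min(entry["hours"]), max(entry["hours"])
    if not lo - 1 <= ts.hour <= hi + 1:     # one hour of slack around the usual window
        alerts.append(f"{user}: login at {ts.hour:02d}:00, usual {lo:02d}-{hi:02d}")
    return alerts

NORM = build_norm(BASELINE_LOG)
# Constructed new events: a normal login, an off-hours login from a new country,
# and a login for an account that has never been seen before.
NEW_EVENTS = ["2021-03-04T08:30:00 alice IL",
              "2021-03-04T03:15:00 alice RO",
              "2021-03-04T10:00:00 carol US"]
```

The second event raises two alerts (new country, unusual hour) and the third one alert (unknown account), while the first raises none; note that nothing here depends on knowing what the attacker’s tooling looks like.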
About the Author:
Yuval Khalifa, Cyber Solutions Architect, Coralogix.