Welcome to Cyber Security Month!

According to Brian Krebs krebsonsecurity.com there have been 3 major security breaches in the
first few days of October 2015.

Experian Breach – 15 Million Consumers

Scottrade Breach – 4.6 Million Customers

Trump Hotel Collection – Unknown number.

It’s “safe to say” Cyber Security challenges are here to stay. We’re doing four blog posts this month to
coincide with Cyber Security Awareness Month.

I thought I’d start with one of the most prevalent methods hackers use to steal your identity and
your PHI/PII.  PHISHING!

Phishing

Phishing is act of stealing personal information via the internet for the purpose of
committing financial fraud. Many, if not most phishing attempts are the result of organized
criminal activity, and much of it originating over seas which limits US Law Enforcement’s22076796_l
ability to stop the thieves.

 

Here’s how Phishing works…

The attacker crafts a FAKE email message that very closely resembles something legitimate like an
email from a shipping company or online store. They typically use large companies so their
chances of randomly selecting someone that has recently ordered something improves.

You receive an official looking FAKE email from Fedex, or Amazon with tracking /shipping information
which makes you think, there may be a delivery issue with your order. Then, click the link.

On average, compromised systems go undetected for 8 months!

BAMM! You’ve just been Phished! But, you may not even know it yet. The more sophisticated
the hackers become, the more difficult it is for you to even realize your system has become
compromised.

Phishing Prevention Techniques

Training – The Human Firewall

  • You’ve heard it before, DON’T CLICK ON LINKS OR ATTACHMENTS!
    It’s really that simple. NEVER open an attachment, or click a link unless
    you just pre-arranged it’s delivery! And even then, there is no guarantee
    the attached PDF, or ZIP file is free of malware
  • Learn how to recognize Phishing emails. Here is a quick video to help with
    the training.

  • Deploy Advanced Persistent Threat protection (Advanced Anti-Malware)
    • This is Anti Malware that is not Black list based. Black List is like getting a flu shot every year.
      The flu shot protects against KNOWN viruses. Unknown viruses are not detected.
    • The world wide malware production is in excess of 600,000 variants per day. It’s impossible
      for traditional Antivirus/Anti Malware detection signatures to stay up to date.
    • APT Malware  detection is based on application behaviors.
  • Use a layered approach
    • Advanced DNS Filtering
    • Firewall with Intrusion Detection / Prevention
    • Block executable files and attachments
    • High quality spam filtering at the email provider/server
    • Containment or Containerized web facing applications such as browsers.

For more information on combating Phishing and Advanced Persistent Threats, contact Action Datatel. 541-494-2099

Leave a Comment