Tuesday, March 7, 2017
Criminals are adept at spoofing financial institutions, mortgage lenders and Internet service providers, according to a study published March 3, 2017, by the Federal Trade Commission's Office of Technology Research and Investigation (OTech). Thus, the FTC advised business owners to implement advanced authentication technologies to protect against phishing attacks. Employees who click on fraudulent emails can expose individual identities and entire IT networks to malicious attacks, experts warn.
"All companies have one employee who will click on anything," said Brad Smith, President of Microsoft Corp., during a keynote address at the 2017 RSA Conference held Feb. 13 to 17 in San Francisco. "Ninety percent of intrusions begin with a phishing scheme."
Smith called cybersecurity a growing problem in need of new solutions. In the cyberspace battlefield, business owners are both the point of battle and the first responders, he noted, adding that this became more apparent after the Sony Corp. attack, which pitted a foreign power against a private company that had engaged in freedom of expression. Escalating geopolitical controversies will inspire more nation-state attacks against government and private infrastructures, he stated.
Smith called on the world's governments to take a page from the 1949 Geneva Convention by establishing an independent organization to protect civilian infrastructures and address vulnerabilities.
He said a digital Geneva Convention would provide support in the following ways:
The OTech study analyzed leading ecommerce providers and their various methods for protecting networks from attacks. Researchers found that 86 percent of respondents had implemented Sender Policy Framework (SPF), but fewer than 10 percent reinforced SPF with Domain-based Message Authentication, Reporting and Conformance (DMARC).
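The gap the study measured, SPF published but no enforcing DMARC policy, is visible in a domain's DNS TXT records. The following is an added example, not code from the article or the FTC study; the domains and records are constructed, no DNS lookups are made, and DMARC fallback to the organizational domain is not handled.

```python
# Added example: classify SPF/DMARC posture from TXT records (constructed data).
SAMPLE_ZONE = {
    "shop.example": ["v=spf1 include:_spf.mail.example -all"],
    "bank.example": ["v=spf1 ip4:192.0.2.0/24 -all", "site-verification=abc"],
    "_dmarc.bank.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@bank.example"],
    "isp.example": ["v=spf1 mx ~all"],
    "_dmarc.isp.example": ["v=DMARC1; p=none; rua=mailto:reports@isp.example"],
}

def spf_status(txt_records):
    """Return 'missing', 'multiple' (an error per RFC 7208) or the 'all' result."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return "missing"
    if len(spf) > 1:
        return "multiple"
    for term in spf[0].lower().split()[1:]:
        if term.lstrip("+-~?") == "all":
            return {"-": "hardfail", "~": "softfail", "?": "neutral"}.get(term[0], "pass")
    return "no-all"

def dmarc_policy(txt_records):
    """Return the p= value ('none', 'quarantine', 'reject') or 'missing'."""
    for record in txt_records:
        tags = [t.strip() for t in record.split(";")]
        if tags[0].replace(" ", "") != "v=DMARC1":
            continue  # not a DMARC record
        for tag in tags[1:]:
            key, _, value = tag.partition("=")
            if key.strip().lower() == "p":
                return value.strip().lower()
    return "missing"

def assess(domain, zone):
    """Combine both lookups into one verdict for the domain."""
    spf = spf_status(zone.get(domain, []))
    dmarc = dmarc_policy(zone.get("_dmarc." + domain, []))
    if dmarc in ("quarantine", "reject"):
        verdict = "enforced"
    elif dmarc == "none":
        verdict = "monitor-only"  # reports are sent, spoofed mail is not blocked
    else:
        verdict = "spf-only" if spf not in ("missing", "multiple") else "unprotected"
    return {"domain": domain, "spf": spf, "dmarc": dmarc, "verdict": verdict}

if __name__ == "__main__":
    for name in ("shop.example", "bank.example", "isp.example", "nosuch.example"):
        print(assess(name, SAMPLE_ZONE))
```
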
SPF enables Internet service providers to validate email messages by tracing their points of origin. DMARC notifies ISPs when it detects unauthenticated messages, giving ISPs a chance to block the messages before they land in a consumer's inbox.

Mimecast, an international cybersecurity company, helps companies secure critical infrastructures by protecting their email systems. The Mimecast Email Security Risk Assessment 2017 revealed that phishing attacks are bypassing network security screens. The company's report was based on data from more than 25,000 clients that use its cloud-based email management, security and business continuity solutions. Clients have been increasingly targeted by spammers and advanced impersonators, report authors stated.
"Unfortunately email security strategies fall short and do not keep organizations safe," the authors wrote. "The reality is the entire industry needs to work toward a higher standard of quality, protection and overall email security."
Mimecast researchers cited the following popular techniques in phishing attacks:
Researchers concluded that many email security systems are vulnerable to today's "sophisticated, well-resourced and targeted attackers." Mimecast security analysts are working with participating organizations to identify and understand the email-borne threats that are getting through their current defenses, the company stated.