According to a recent survey, 96% of executives failed to tell the difference between a real email and a phishing email 100% of the time.
This is one of the key findings featured in Harpooning Executives: How Phishing Evolved into the C-Suite, which describes how phishing has evolved into “whaling” and why executives are optimal targets.
Phishing and spear phishing have become increasingly popular attack strategies. Today’s cyber criminals use phishing tactics to evade traditional spam and malware filters in order to wreak havoc on corporate infrastructures.
Our CTO Mark Kedgley comments: “Although phishing is hardly anything new, as the article highlights, corporate data is continuously at risk of security breaches from a vast – and ever increasing – range of attack vectors. Take a look at the latest research on the Rombertik malware to see how phishing and obfuscation tactics are helping malware to evade the newest sandbox technology as well as the traditional AV and firewall defenses.
“The only thing that is a certainty in these increasingly complex circumstances is that the risk of a breach is a constant. A two-pronged approach is the only way to go – get layered defences in place (don’t overlook the newer Microsoft features like EMET and AppLocker) but back it up with real-time host intrusion detection through File Integrity Monitoring (FIM), ensuring that if a cyber-attack proves successful at the very least you get to know about it.”
You can read the full article on Information Security Buzz here