How to Protect SMBs Against Phishing Attacks via Social Engineering
Social engineering and artificial intelligence (AI) are bringing about a new golden age of hacking for criminals. They are capitalizing on common online habits of everyday people to tempt them to click on or install harmful applications – in the guise of browser extensions, clickbait and more – each specifically targeted to the individual user's online habits using AI.
Most breaches occur when employees make common, seemingly harmless mistakes. Now, this goes beyond forgetting to install updates or using overly simple passwords. In fact, due in part to the rise of social engineering, employee mistakes account for the vast majority of breaches. Hackers are catching on fast, capitalizing on human nature and using AI and social engineering to target unsuspecting employees. Clickbait isn't just about articles and pageviews – it's about getting a backdoor into your network through unsuspecting employees.
These increasingly sophisticated attacks might look like a harmless browser extension or an article in a social media feed. Employees will likely assume they are legitimate (haven't we all downloaded a music app or other favorite tool?). Unfortunately, behind many of these commonly installed applications lurks a more sinister motive: a hidden phishing device.
Varying Risk Factors
While training may be effective, it is unlikely to stop all employees from unwittingly putting themselves at risk (particularly on their mobile devices over work networks). Small to medium businesses are especially vulnerable when it comes to these highly sophisticated attacks, so what do they need to know to safeguard against these threats?
First, organizations need to understand the types of phishing attacks. Spear phishing, for example, is a phishing attack targeted at specific individuals and can present a substantial risk to organizations. Spear phishing attacks pinpoint persons in the company with access to sensitive and/or valuable data. This could be anyone from a sales executive to an engineer on a specific project to the chief financial officer. While most phishing attacks broadly target employees with the hopes of catching just one, spear phishing is intended to focus on extracting data or credentials from specific individuals. We are seeing this increasingly as hackers become more aware of the value of specific targets and go after them.
Next, organizations need to understand basic prevention techniques. Phishing requires constant training, since humans are the targets, rather than computer systems. Phishing works because someone takes an action to provide access to cybercriminals, unlike other types of attacks. This element of social engineering requires organizations to train employees not once, but on a recurring basis. Many organizations are seeking hands-on training through simulations after finding that prior measures weren't effective. Training employees how to inspect email header information and identify malicious "spoof" websites can help safeguard organizations against many common threats.
Mobile Devices in the Workplace
Mobile devices are increasingly becoming the vector through which hackers target employee networks. According to a recent report, the rate at which users are falling for attacks on mobile devices has increased 85 percent each year since 2011. Mobile devices are growing in popularity for attacks because they often lack endpoint security and have access to a wide variety of mobile applications and messaging services. This provides more opportunities for hackers to target employees, who may assume their personal device isn't a threat to their employer's network. New attacks use popular apps such as WhatsApp and Facebook to lure victims to download malware, which can expose data stored on these devices.
Having a bring-your-own-device (BYOD) policy is not without risks. For example, the device may be taken offsite for personal use where it could easily be exposed to unknown Wi-Fi networks, shared with family and friends, or have any number of personal applications on it. Additionally, devices, especially mobile phones and tablets, can easily be lost. If the device contains sensitive business information, or can connect to a corporate network to access such data, these behaviors seriously increase the risk of compromising company data.
Training Isn't Always Enough
When the best training isn't enough, SMBs should put technology in place to back up these efforts. People are human, and as such, they will often make judgement calls that may put them at risk despite the best intentions and training. To supplement training, technology that can identify threats where people might not even think to look is critical. A layered security approach that combines the use of technology, policy and training will be the most effective. Solutions like next-generation firewalls, endpoint protection, behavioral heuristics and more should all be explored when architecting the right strategy for your organization.
Ultimately, phishing attacks rely on social engineering, with the goal of putting something in front of an employee that will entice them to click (or download) without thinking about the consequences.
Attackers are constantly changing tactics, so ensuring that you are armed against the latest threats is critical. Look for solutions that automatically update in addition to training your employees at regular intervals to understand the latest threats. Creating a culture of security awareness is an important first step for any organization.
About the author: Timur Kovalev serves as the CTO at Untangle and is responsible for driving technology innovation and integration of gateway, endpoint, and cloud technologies. Timur brings over 20 years of experience across various technology stacks and applications.