What You Need to Know About the Growing Interest in Phishing and Security Awareness
by Ed Vasko, CEO, Terra Verde & Expert Guest Author
Over the last 12 months we have witnessed a growing interest in Security Education Training and Awareness (SETA) programs and Phishing, among large and small organizations across the U.S.
The mounting interest could be due to the fact that organizations of all sizes, and consumers of all ages, are being consistently attacked by hackers and cyber-criminals. Research shows that the number of cyber-attacks is increasing. Many of these attacks include phishing, electronic spoofing and social engineering techniques – that are designed to steal credentials or take control of computers, email and social media accounts.
The sad truth is that hackers and cyber-criminals utilize phishing and spoofing techniques because the techniques are effective and they are working. A recent report from APWG reported a 250% increase in the number of Phishing websites being tracked from Q4 of 2015 to the end of Q1 2016. The number of new e-mail phishing campaigns reported by consumers increased from 99,384 to over 229,265 in the same period of time.
The Retail/Service sectors remain the most targeted industry sectors during the first quarter of 2016, representing 42.71% of all attacks followed closely by the Financial Services sector.
KNOW THE ENEMY
Hackers and cyber-criminals are often funded or supported by organized crime, cyber-terrorists and countries that are looking to damage the U.S. economy and U.S. based businesses. These individuals are often part of a cell or group of individuals that are internally directed to launch attacks and exploits at certain companies or brands or are externally directed to launch attacks, due to a 3rd party’s opinion or ideology that is opposite of the organization being attacked.
Cyber-criminal activity can also be driven against unsuspecting consumers in the form of identity theft, credit card theft, back account hacking and theft and personal identifiable information theft. The theft of sensitive personal information is becoming a common occurrence in various industry sectors beyond Retail and Financial Services. Consumer Health Records are now a prime target for cyber-criminals and hackers as that data can be sold on the dark web and used to commit healthcare fraud and cause widespread damage across the healthcare system.
WHAT YOU CAN DO
Organizations can stay informed on threats by accessing free resources being provided by industry associations and the Federal Government. They can also begin to explore the use of Security Education Training and Awareness programs and Phishing platforms that are designed to help increase and build awareness among employees and consumers and can help reduce the impact of various Phishing, spoofing and social engineering attacks.
Below are U.S. Federal Government Agency websites that can be used to report Phishing and social engineering attacks or educate employees and consumers on how best to prevent such attacks:
The U.S. Federal Government is actively posting cybersecurity related warnings about new threats as they emerge through various websites such as the Federal Bureau of Investigation’s main website, their Cyber Crime website, or the Internet Crime Complaint Center website.
October is officially National Cyber Security Awareness Month. The Department of Homeland Security has a website dedicated to this topic, that provides a significant amount of free resources for businesses, consumers, educators and state and local organizations. To read more about National Cyber Security Awareness Month and to learn more about how to defend yourself, your employees or your customers against Phishing, spoofing and social engineering attacks visit the Department of Homeland Security’s website.