Anytime there’s a new story about a widespread data breach, the talk is all about hackers, crackers and cyber criminals. But recent research reports paint a very different picture. At Insurance Journal, Joseph Menn sums it up this way: “… the vast majority of hacking attacks are successful because employees click on links in tainted emails, companies fail to apply available patches to known software flaws, or technicians do not configure systems properly.” See his article: “Most Cyber Attacks Due to Trick Emails, Errors, Not Sophisticated Hacking.”
One of the studies found that, “… more than two-thirds of the 290 electronic espionage cases it learned about in 2014 involved phishing, the security industry’s term for trick emails.” In fact, phishing is the suspected culprit in the Anthem breach.
Phishing is a popular technique because it works and because “the less-sophisticated approach drew less scrutiny from defenders.”
It’s a costly weakness: “According to the new Verizon model, the loss of 100,000 records should cost roughly $475,000 on average, while 100 million lost records should cost about $8.85 million.”
It’s increasingly imperative that organizations include cyber security policies and training for employees – with particular emphasis on avoiding phishing. One key step is learning to spot suspect emails, and a second is adopting smart habits like hovering over any links to see the source before clicking – or better yet, going to the source site. For educational resources on phishing, see our prior post: “Thwart cyber security threats through employee training.”