For many, it’s a morning ritual. Come to work, grab a cup of coffee and start answering those emails. The sooner you’re caught up, the sooner you can get started on the day. Because of this, you may skim internal emails a little more quickly, only acting on what’s asked of you. After all, these work-related messages are from people you trust— right?
In a past blog post, we discussed how cyber criminals will often use tax season as a cover to attack unsuspecting organizations. Usually this is done via a phishing method where the attacker poses as a member of a particular organization’s C-Suite and requests sensitive information be sent their way – like W2 forms, for example. This trick relies on the fact that some HR employees do face requests similar to this, and in such a tense period (tax season), are more likely to slip up and fail to fully verify these requests. With tax season now firmly in the background, one might think that cyber criminals would lay off this method of attack for the time being. Unfortunately, this
Social engineering is currently one of the hottest topics within the IT security world – for good reason. The use of this attack method is only increasing, as phishing attempts grew by a whopping 250% between October 2015 and March 2016, and to make matters worse, combatting this threat poses a very unique challenge. While phishing methods can sometimes be blocked by email spam protections and other similar barriers, detection mostly falls on employees who are challenged to figure out what is real or not. This can be much more difficult than it seems – and it’s only getting harder. Take the following into consideration. Emails can appear as though they are sent from official sources – with official graphics, signatures and
This year had its share of headline grabbing cybersecurity news. From Yahoo’s many breaches, to new threats in phishing and social engineering, 2016 wasn’t short on new threats. With the year wrapping up, we wanted to take a minute to recap what we saw as the biggest threats of 2016, what to prepare for in 2017 and what you can do right now to protect yourself. The Biggest Cybersecurity Threat of 2016 By far, the most significant cybersecurity threat of 2016 was ransomware. The Kaspersky Security Bulletin 2016 states that the rate of ransomware attacks against businesses increased this year from one every two minutes in January to one every 40 seconds in September. Kaspersky Lab detected 2,900 ransomware variations
Often, we see phishing schemes being perpetrated by hackers seeking to steal information. Rarely do we discover a scheme that is essentially an elaborate marketing tactic. Healthcare Info Security reports that the Department of Health and Human Services (HHS) sent a warning to organizations in the healthcare system, alerting them to an unusual phishing attempt. Phishing, as we’ve previously written about, is a scam that uses seemingly legitimate links to take you somewhere you didn’t intend to go. This can be done by subtly changing a URL address, which is exactly what was done in this case. The Scam Per the HHS, this phishing email campaign masquerades as a message regarding HIPAA compliance audits from the HHS’ Office for Civil
You’re probably aware of some standard IT security threats, like viruses, ransomware, various different kinds of malware and more. These make headlines and, more importantly, fit our conception of standard cyber-criminal attacks – programs designed to steal our data and information. However, there are arguably more pressing threats to your business that you may not be familiar with. From time to time, your security profile can fall under attack, and you won’t know until it’s too late. Meet one of the most pressing IT security threats facing the world right now: social engineering. The Threat Social engineering is a method of getting people to willingly give out valuable information about either themselves or a company that employs them. Classified as a
We’re here to discuss your upcoming IT security assessment and compliance audit needs.
