Celebrating 20 Years of Cybersecurity Awareness!

WELCOME TO CYBERSECURITY AWARENESS MONTH 2022

Since 2004, the President of the United States and Congress have declared October to be Cybersecurity Awareness Month, helping individuals protect themselves online as threats to technology and confidential data become more commonplace.

This year’s campaign theme — “See Yourself in Cyber” — demonstrates that everyone is responsible for their own online behavior. This October we’ll focus on the “people” part of cybersecurity. Each week we will share information and resources to help educate you so you can make smart decisions whether on the job, at home or at school – now and in the future.

View Week 1 & 2 Here!

Week 4: Phishing Awareness

The threat of social engineering and phishing is a significant problem worldwide. For an organization to effectively fight cybersecurity attacks, it takes a combination of the best policies, technical defense, and training possible. During Cybersecurity Awareness Month we have been focusing our efforts on educating you on how you can protect yourself and your organization. This week’s topic is phishing.

Among all different kinds of cyberattacks, phishing remains the biggest threat to individuals and businesses. In our increasingly technological world, phishing attacks are evolving at a quicker pace than many of us seem to realize. According to recent research from IRONSCALES, 81% of organizations around the world have experienced an increase in email phishing attacks since March 2020.

What is Phishing?  

Phishing is a type of social engineering where an attacker sends a fraudulent (e.g., spoofed, fake, or otherwise deceptive) message designed to trick a person into revealing sensitive information to the attacker or into deploying malicious software, such as ransomware, on the victim’s infrastructure.

10 popular types of phishing attacks everyone should be aware of.

Email phishing is when the attacker sends an email that looks legitimate to trick the recipient into entering their information so that the hacker can steal or sell their data.

Angler phishing uses fake social media posts to get people to provide login info or download malware.

Spear phishing involves targeting a specific individual in an organization to try to steal their login credentials.

Whaling attack is a phishing attack that targets a senior executive.

Smishing is phishing through some form of a text message or SMS.

Vishing, short for “voice phishing,” is when someone uses the phone to try to steal information. Often the attacker pretends to be a trusted friend or relative or to represent them.

Pop-up phishing often uses a pop-up about a problem with your computer’s security or some other issue to trick you into clicking.

Clone phishing is an attack that involves a hacker making an identical copy of a message the recipient already received and putting a malicious link in the new email.

Website spoofing is when a hacker creates a fake website that looks legitimate. When you use the site to log in to an account, your info is collected by the attacker.

Image phishing uses images with malicious files in them meant to help a hacker steal your account info or infect your computer.

How to Recognize Common Social Engineering Red Flags 

It is essential that all employees be taught how to recognize the most common signs of phishing and social engineering, no matter the delivery method to the user. Our partner, KnowBe4, has created an interesting graphic (shown below) which lists 22 different signs that anyone can use to investigate an incoming email to determine if it is a potential phishing email. According to KnowBe4, it includes commonsense signs we should notice as dubious when we open an email: things like potentially dangerous attachments, grammar issues indicating the sender is not a native language speaker, an unusual request, or a message sent at a strange time. The graphic puts almost two dozen common “red flags” all in one place. It is a quick, easy read that reinforces several key signs that might indicate a suspicious email. Please feel free to share!

What Should You do if You Detect a Phish? 

1. Follow your organization’s policy and take the appropriate steps to best protect yourself and the organization. 

2. Report any suspected or confirmed attack immediately.

3. NEVER ignore or delete an attack. 

A Few Tips to Help You Prevent Phishing Attacks:

  • Think before you click! Always be suspicious of emails that: 
    • Ask for your credentials to validate them.
    • Ask you to log in to validate a supposed detected security event.
    • Come from unexpected senders. 
  • Hover over all URL links to verify that they come from legitimate, trustworthy domains before clicking on the link. When in doubt, do not click.
  • Treat all unexpected file attachments as potentially suspicious.
  • Never allow scripts, macros, or other “active content” to run when opening a file attachment from an email.
  • When in doubt about an email or unexpected request in an email, call the sender at a known phone number (not one included in the email).

Week 3: Patch Management

Welcome to week 3 of Cyber Awareness Month. This week, the topic is Patch Management and how it can help you reduce your security risk. 

Have you received an update notification and clicked the “remind me later” button? You’re busy at work and think “Not now! I have too much to do,” so you tell yourself, “I’ll do it later,” or “it’s probably not important.” *click* It happens to all of us; however, this seemingly innocent ‘click’ can have serious consequences for your organization. 

According to Forrester’s State of Application Security Report, application vulnerabilities are the most common external attack method, making patch management critical to your company’s overall security. In fact, according to the Ponemon Institute, 57% of cyberattack victims report that their breaches could have been prevented by installing an available patch, and even more chilling, 34% of those victims knew of the vulnerability but hadn’t taken action. 

What is Patching?  

Patch management is the process of distributing and applying patches (also known as updates) to fix errors in operating systems or software.

Patches are designed to repair a vulnerability or flaw identified after an application or software is released. They are necessary to upgrade, optimize, or secure your existing software, computers, servers, and technology systems, whether to maintain operational efficacy or to mitigate security vulnerabilities.

How Does Your Organization Benefit from Patch Management? 

Every day, your business is exposed to more and more cyberattacks, and hackers are just waiting to exploit any vulnerabilities they can find. The financial impact of a successful cyberattack can be devastating, from the cost of the attack itself to downtime, to loss of business, to legal and regulatory fines, and the list goes on. Can your organization afford to take that kind of gamble?

Your company can benefit from patch management in a variety of ways:

A More Secure Environment

First and foremost, patch management helps prevent data breaches by fixing security vulnerabilities. By regularly patching vulnerabilities, you’re helping to manage and reduce the risk in your environment. 

Up to Date Software

Patch management is an essential part of Windows and Mac systems management. Patching also makes it easier to ensure that devices are running the latest software versions.

Being Compliant

If you are required to follow the data storing and handling practices set by regulations such as HIPAA and GDPR, patching helps make sure that unauthorized people cannot access your data and exploit it.

User Experience

Patch management helps your organization’s overall productivity. Patching helps ensure that the devices your employees use run smoothly, at peak performance, and bug-free.

How Can I Help?

According to a 2019 Ponemon Institute Vulnerability Survey, “60% of breach victims said they were breached due to an unpatched known vulnerability where the patch was not applied.” So, instead of clicking that “remind me later” button and becoming part of this statistic, click the “update NOW” button. Get yourself a cup of coffee, sit back, relax, and enjoy knowing that by patching your system, you are increasing your system’s security, stability, and functionality.

Did You Know?

7 Days

From the time a patch is announced, it takes 7 days for cybercriminals to exploit the known vulnerability.

66%

Just 66% of software is current at any given time. 

102 Days

For most organizations, the average time to patch is 102 days.


Thank you for joining us for our cyber awareness month!
