High-profile, embarrassing data hacks like the Sony email breach and the Target credit card scandal receive the bulk of the media attention, but there’s a bigger threat to Internet security that’s much closer to home. The 2015 Data Breach Investigations Report (DBIR) conducted by Verizon shows that the biggest threat to your private information may actually be you!
Phishing campaigns, which send malicious emails disguised as legitimate correspondence, have become not only more prevalent but also more effective in tricking Internet users into opening them. In past years, the DBIR reported that the overall effectiveness of phishing campaigns was between 10% and 20%. However, in this year’s report, the DBIR notes that the trend has worsened “with 23% of recipients now opening phishing messages and 11% clicking on attachments.”
Unfortunately, the scammers have become far cleverer with their campaigns, according to the report.
Now, these messages are rarely sent in isolation. Many are sent as part of a slow and steady campaign. The numbers again show that a campaign of just 10 emails yields a greater than 90% chance that at least one person will become the criminal’s prey.
So how can you protect yourself? The authors of the DBIR take some solace in knowing that Internet users do not open or interact with 75% of phishing emails. In the past, Internet users could simply use common sense to stay safe from predatory email scams, but because phishing campaigns include smarter techniques today, the report suggested three solutions to limit the problem:
- Better email filtering before messages arrive in users’ inboxes
- Developing and executing an engaging and thorough security awareness program
- Improved detection and response capabilities
In many cases, however, it’s human diligence and not technology that represents the front line of defense. This can be maximized in a business setting.
“One of the most effective ways you can minimize the phishing threat is through effective awareness and training,” said Lance Spitzner from the SANS Institute, a cooperative research and education organization that focuses on security issues.
Source: Cyber Security Intelligence