Protecting yourself from the watering hole predators
In my previous blog I spoke about watering hole attacks, where legitimate websites are used by criminals to pass on malware to the website owner’s customers. This month I thought I could expand upon the theme, and would explain a little about how businesses can protect themselves from the threat of Malware, and exploits that are often inadvertently introduced to the network by unsuspecting employees.
It is a simple truth that most malware is introduced and social engineering (The Internet phrase used for being tricked into letting someone scam us) is perpetrated during the browsing of websites or via email. Adding to this mix increasingly is Social media such as Facebook.
Almost all Infections are introduced because we make bad decisions at a critical point. Because we can be overwhelmed by the quantity of email presented to us, the Social engineering call from the scammer has come through at a time when the PC is running slowly and time is precious. When presented with overload of information. Our decision making becomes erratic. We may inadvertently delete valuable leads, or even more potentially damaging, open something that contains malicious code. We may even let someone purporting to be from Microsoft take over our PC. In the case of browsing the Internet, we don’t spot the warning signs that something is amiss.
In the case of Spear Phishing the message might seem to have all sorts of information about us that leads us to trust the sender. Scarily in this case, they probably do have some of this personal information, and you are being specifically targeted.
Some of these issues can only be addressed by making your employees aware of the risks, and arming them with the knowledge to recognise suspicious behaviours. A basics of IT security awareness course would benefit most people both in the office and at home..
But, wouldn’t it be good if someone were to check the websites we browse are safe before we look at them, maybe even checked the content of my emails to make sure they were legitimate and not trying to scam me. In fact as Social Media is now often used by Internet criminals to insert their malware, it would be good if they also performed a similar function with my Social Media. Well this is what Web Security and Email Spam filtering seek to achieve, and the good news is that once they are in place, not only will I be safer in my interactions with email and the web. I will find that because all the junk is filtered out before it reaches me, I don’t have to sort through hordes of irrelevant emails before I get to the ones that are relevant. In addition by adopting filtering of email & web pages at the cloud level, you will reap an additional side benefit of your company becoming more efficient and effective as a result, each user possibly saving 30 minutes a day sorting through irrelevant and dangerous information.
Using Spam filtering and web filtering as part of a layered strategy for the defence of your network means you are removing some of the burden of decision making from your users. The decision to block a site or quarantine a suspect email is mad at the cloud level before it even lands on your network.
A browser can be infected in seconds with little intervention from the user, in the case of Forbes it was achieved via a regular pop up related to Astrology. When just a single click on an infected email attachment can infect a machine or unleash a devastating encryption of your documents as part of a ransom ware
Speak Your Mind