Phishing_angle  - Phishing angle - “We’ve seen a huge proliferation of very successful phishing attacks”Bethan Moorcraft at InsuranceBusiness Mag UK wrote an excellent article about the current state of cyber insurance in Europe. Here is an extract with the link to the full article at the bottom:

“In 2018, we saw a of very phishing campaigns,” said Ryan Rubin, partner, UK Forensic & Integrity Services team, Ernst & Young. “Unfortunately, cyber criminals are being very effective and are getting through organisations’ defences, despite there being an increasing awareness of cyber risk and a general improvement in security controls. What we’ve seen is that businesses often focus on trying to prevent the sophisticated cyberattacks from happening, and they’re less concerned about basic low-level like and business email compromise.

“From an insurance perspective, I think Europe is still playing catchup compared to the US in terms of the adoption of insurance products and the usage of those as a measure for risk mitigation,” Rubin commented. “I think the insurance market is starting to offer a variety of options that companies can have to manage their risk. However, the cyber insurance isn’t a silver bullet in its own right and may not provide the full cover that organisations need.”

“We see organisations of all sizes being targeted and successfully defrauded via phishing campaigns and business email compromise attacks. It’s a combination of social engineering (convincing the recipient that the sender is someone they’re not) and poor cyber hygiene. A lot of organisations have been embracing email solutions in the cloud and as a result of that, some of the nascent weaknesses in security (like password guessing) have helped fraudsters to guess account passwords and start to spoof or pretend to be other members of staff or potentially other suppliers in the supply chain.”

There are relatively simple risk mitigation responses to email compromise and social engineering, according to Rubin. A lot of it ties into basic cyber security hygiene, such as moving away from ordinary username and password authentication to two-factor authentication, particularly schemes that make use of security keys rather than email or SMS communication. This does create a small bit of inconvenience for email users, but it pays off in strengthening an organisation’s email security.

“It also comes down to general awareness,” Rubin told Insurance Business. “What really puzzles me is how any business can accept bank account details and instructions via email, and no matter who it’s sent by, will then allow that transaction to take place. In today’s world, we simply can’t trust emails for sensitive banking transactions, or even to supply personal information to others.”

We could not agree more. Together with the proposed measures above, stepping users through new-school security awareness training is a must to keep on their toes with security of mind.

Here is a link to the full article.

Find out how affordable new-school security awareness training is for your organization. Get a quote now.


Get A Quote  - a8252926 7187 4c02 9dd4 933c17d712b1 - “We’ve seen a huge proliferation of very successful phishing attacks”
Request A Demo  - 2af0f76d 67ca 4454 9896 5cb1da9b1f50 - “We’ve seen a huge proliferation of very successful phishing attacks”



Source link
Based Blockchain Network


Please enter your comment!
Please enter your name here