The New Threat Landscape

There’s a new threat landscape and it’s you! So, what does that mean? According to the latest reports from data breach experts (namely the Verizon Business Data Breach Investigations Report), attackers are no longer spending as much time directly attacking servers and data. One of the most common methods of access today is for attackers to target employees and their systems to gain a foothold into the network.

This means that you are more important than ever to the confidentiality, integrity, and availability of the systems that you and your company rely on each day. What can you do? Here are some things to keep in mind as the new front-line defenders of information security:

• E-mail is not secure by default. If you need to exchange confidential information, ask the other party if they have a secure or encrypted e-mail mechanism. E-Mail is typically transmitted across the Internet in plain-text, which makes it vulnerable to eaves-dropping by many parties along the way. If you need to send confidential or private information at work and the other party does not have a secure mail gateway, speak with your Helpdesk about possible alternatives. There may already be an enterprise-wide solution in place that you can use. For sending confidential and private information at home you may have to investigate an encrypted e-mail provider, or consider simply calling the party you need to share information with. With some apps in the various marketplaces today you can easily encrypt both your voice calls and text messages.
• Any pond with fish will eventually be Phished. The days of e-mails that contain viruses or malicious links from unknowns are far from behind us. Several of the largest data breaches this year have happened because of an infected e-mail sent to a handful of employees. However prescient (and frightening) these attacks account for only a small number of data breaches today. The same principal is still being applied in ever-more versatile ways, however. Attackers have started moving their phishing scams, malicious links, viruses, and spam to social networks to keep up with the times.  Be wary of strange (especially “viral”) links that show up on Facebook or Twitter, as these are the latest ponds to be phished. These links can lead to viruses or infected pages which can, in turn, infect your machine and even grant attackers access into your company’s networks.
• Smart Phone viruses are a growing trend. Mobile phones now only carry the moniker of “phone” for the sake of tradition. They are just as much (if not more) a computer as the desktops that we used a decade ago. No matter what your phone of choice (iPhone, Android, BlackBerry, et cetera), there are most likely attackers trying to write malicious code for it or (on some platforms) sneak malicious apps into the app marketplace. It is probably worth researching some Anti-Virus and firewall solutions for your mobile device platform of choice. This is another among many good reasons to consider e-mail insecure. The infancy of smart phone operating systems makes it easier for attackers and harder for anti-virus and anti-malware makers, which makes your mobile device an easy point of entry for an attacker looking to gain access to confidential company data, or your own private information.

Posted by Ben, Senior Information Security Engineer at Intelius