I wrote about the social engineering factor in security breaches a couple of weeks ago, highlighting how social engineering has emerged as a key weapon in the arsenal of criminals working to break into corporate networks. Citing the findings of a recent multi-university study on phishing, I had argued that knowledge of new scams is a far more effective deterrent against being victimized than computer literacy alone. In a related vein, a new report published on Computerworld suggests that phishing has emerged as a major security threat vector for businesses.
Phishing is hardly a new problem and has existed since the emergence of email communications. In its traditional form, phishing entails the crafting of messages that masquerade as originating from trustworthy organizations in an attempt to acquire sensitive data such as usernames, passwords and credit card information.
An evolved form called "spear phishing" sees hackers with specific agendas targeting individuals or departments with customized messages. With some research to determine the relationships between employees and names of suppliers, for example, cyber crime groups have been able to greatly increase the success rate of their illicit trickery.
All you need to do is to get an email to a target. You only need a very low click-through rate to establish several points of presence inside an organization ... If you have 1,000 employees in your organization and you train them all on not opening untrusted attachments, you'll still have someone doing it. This is not a problem you can train yourself out of.
What has become abundantly clear is how the use of phishing has taken on an entirely new dimension. While IT departments may have ignored the decidedly "low-tech" phishing emails in the past, it is now imperative to build defenses to guard against the inevitable breach resulting from the successful spear phishing attempt. Among other measures, this may include more diligent monitoring of intranets for data leakage, as well as looking for signs of infected workstations and quickly isolating them from the rest of the network.