Businesses are now targeted so regularly that a purely defensive approach to your organisation's security is no longer enough. Instead, we believe in a blended approach: proactive measures that strengthen your defences and deter potential attacks, combined with defensive measures that protect your organisation and aid remediation when an attack does succeed.
To bring this short series to a close, we felt it would be useful to apply the lessons from the series to real-world examples of attacks affecting businesses. This lets us demonstrate how attackers operate, and how the proactive measures we have proposed work in practice to protect your organisation.
One of the most common attacks facing organisations at the moment, and one which SES have noticed a substantial increase in recently, is the PDF attachment phishing scam.
In this scam, threat actors send emails with malicious PDF attachments to unsuspecting victims. The emails create a sense of urgency to draw the user in and prompt them to open the attachment. The attachment then either drops malware onto your computer or carries phishing links designed to harvest your credentials and other sensitive information, which are then used in future attacks.
You should always exercise caution when you receive a suspicious-looking email. Early warning signs that an email may not be legitimate include a sender address that does not match the organisation it claims to come from, spelling and grammatical errors in the subject line and body, and content that conveys a sense of urgency, pressing you to click the links or open the attachments it contains.
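The warning signs above can be turned into a small, mechanical triage check. The script below is an added example for this article, not SES's own tooling: it parses a constructed sample email (placeholder addresses and URLs), flags a Reply-To domain that differs from the From domain, counts urgency phrases in the subject and body, and scans any PDF attachment for name objects commonly found in malicious PDFs (/JavaScript, /OpenAction, /Launch, /URI and similar). The indicator list and urgency phrases are assumptions chosen for illustration; benign PDFs with forms or links can also contain some of them, so a hit means "inspect", not "malicious".

```python
"""Triage an email and its PDF attachment for common phishing indicators.

Added example for this article, not SES's own tooling. The message below is
constructed; the indicator lists are a starting point, not a complete detector.
"""
import re
from email import message_from_bytes, policy
from email.utils import parseaddr

# Constructed sample: urgent wording, a Reply-To on a different domain from the
# From address, and a PDF whose objects carry an auto-run action, a link and
# JavaScript. All addresses and URLs are placeholders.
SAMPLE_EML = b"""From: Accounts <accounts@example-bank.com>
Reply-To: helpdesk@example-bank-support.net
To: finance@example.org
Subject: URGENT: invoice overdue - action required immediately
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Your account will be suspended within 24 hours unless you review the attached invoice.

--b1
Content-Type: application/pdf; name="invoice.pdf"
Content-Disposition: attachment; filename="invoice.pdf"
Content-Transfer-Encoding: 7bit

%PDF-1.4
1 0 obj << /Type /Catalog /OpenAction 3 0 R >> endobj
2 0 obj << /S /URI /URI (http://example-bank-support.net/login) >> endobj
3 0 obj << /S /JavaScript /JS (app.launchURL("http://example-bank-support.net/login")) >> endobj
%%EOF
--b1--
"""

# PDF name objects worth a closer look (assumed list; benign PDFs may use some).
PDF_INDICATORS = [
    ("/JavaScript", "embedded JavaScript"),
    ("/JS", "embedded JavaScript (short form)"),
    ("/OpenAction", "action executed when the document opens"),
    ("/AA", "actions triggered by page or form events"),
    ("/Launch", "launches an external program"),
    ("/URI", "clickable link to an external URL"),
    ("/EmbeddedFile", "file embedded inside the PDF"),
]

# Assumed urgency vocabulary; extend from your own phishing samples.
URGENCY_PHRASES = ("urgent", "immediately", "action required",
                   "suspended", "within 24 hours")


def domain_of(msg, header):
    """Lower-cased domain of the address in a header ('' if absent)."""
    _, addr = parseaddr(str(msg.get(header, "")))
    return addr.rpartition("@")[2].lower()


def reply_to_mismatch(msg):
    """True when Reply-To points at a different domain than From."""
    reply_to = domain_of(msg, "Reply-To")
    return bool(reply_to) and reply_to != domain_of(msg, "From")


def urgency_hits(text):
    """Urgency phrases present in the text, in URGENCY_PHRASES order."""
    lower = text.lower()
    return [p for p in URGENCY_PHRASES if p in lower]


def pdf_indicators(data):
    """Indicator names found in raw PDF bytes, in PDF_INDICATORS order.

    The negative lookahead stops '/JS' matching '/JSX' or '/AA' matching '/AAPL'.
    """
    return [name for name, _ in PDF_INDICATORS
            if re.search(re.escape(name).encode() + rb"(?![A-Za-z0-9])", data)]


def is_pdf(part, data):
    """Judge by magic bytes as well as the declared type: attackers mislabel files."""
    return (data[:5] == b"%PDF-" or part.get_content_type() == "application/pdf"
            or (part.get_filename() or "").lower().endswith(".pdf"))


def triage(raw):
    """Return the indicators found in a raw RFC 5322 message as a dict."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = str(msg.get("Subject", "")) + "\n" + (body.get_content() if body else "")
    attachments = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if is_pdf(part, data):
            attachments.append({"filename": part.get_filename(),
                                "indicators": pdf_indicators(data)})
    mismatch = reply_to_mismatch(msg)
    urgency = urgency_hits(text)
    # Simple additive score: mismatch and each PDF indicator weigh more than a phrase.
    score = 2 * mismatch + len(urgency) + 2 * sum(len(a["indicators"]) for a in attachments)
    return {"reply_to_mismatch": mismatch, "urgency": urgency,
            "attachments": attachments, "score": score}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_EML).items():
        print(f"{key}: {value}")
```

Run it on a saved `.eml` file by passing the file's bytes to `triage()`. The PDF scan is deliberately byte-level rather than a full PDF parse, so it also catches indicators in attachments that a PDF library would reject as malformed; it will not see names hidden inside compressed object streams, which is one reason a clean result should never be read as a guarantee of safety.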
It is easy to take the stance that your organisation is too small or irrelevant to be targeted by a cyber attack such as the PDF attachment phishing scam. In reality, phishing scams like this are the single most common way of attacking organisations and individuals: they require minimal setup and planning, and can be delivered to thousands of targets in a very short period of time.
However, with the right awareness and training, these phishing attacks are also very simple to defend against, reducing the chances you will fall for them.
SES recommend that you begin by strengthening your frontline defences, giving your employees the training to recognise, report and delete a phishing email before it can establish a foothold on your systems. In addition, we recommend encrypting your valuable data both in transit and at rest, so that it remains protected in the event your systems are breached.
We also recommend that you segregate areas of your systems and networks, limiting each employee's access to only the areas they need to perform their role. If your systems or networks are then compromised, the attacker's lateral movement is restricted to the segment they have reached.
These are just a couple of the proactive measures highlighted in this mini-series that your organisation can take to defend against real-world threats such as the phishing attack explored this week. For more information on the proactive measures you can take, or to discuss your organisation's security maturity, please get in touch to speak to one of our specialists.
© Financechain Limited trading as SES and ses-escrow.co.uk, 2019. Unauthorised use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Financechain Limited trading as SES and ses-escrow.co.uk, with appropriate and specific direction to the original content.