Is Your Business Next?
By Keith Coker
Most of us have at some point received an email with a relatively vague message such as “Could you take a look at this?” and an attachment of some sort.
This type of email could come from an unknown contact or even appear to be from a trusted co-worker or friend. However, hiding in the attachment is a piece of malicious code that could take down an entire business.
The landscape of cyber-threats faced by businesses has exploded in the last decade, both in severity and diversity. Security is already extremely important to the success and wellbeing of a business, and the role of a good security posture will only grow as the landscape of cyber-threats continues to evolve.
The fastest-growing threat to most businesses is a form of social engineering—hacking based on tricking the users themselves, rather than their computers—called phishing.
Phishing: Threat Summary
Phishing is a type of attack where a user is deceived through email or messaging into exposing information or infrastructure to an attacker. During a phishing attack, the attacker only needs a momentary lapse in the user's judgment to gain access to critical information.
Some phishing attacks aim to plant malicious code on a user's machine as part of a larger infiltration. An attacker could also create a very convincing replica of a website such as Facebook or a management portal the user accesses frequently. Users who have not undergone security training may not know to double-check the web address for email links, and therefore may be more susceptible to this type of attack.
Because this type of attack is so easy to perform compared to more advanced hacking techniques, it is very common and very effective. Close to 85 percent of data breaches occur due to email phishing, and attackers are only learning how to be more successful.
Defending Against Phishing
When an attacker attempts to gain access to a user's account, they must provide a username and a password. Requiring additional pieces of information beyond just a password to authenticate users is known as multi-factor authentication (MFA). MFA has been shown to reduce phishing attacks by a huge margin, and it is something Green Cloud regularly helps customers with to improve their security posture.
The second element of a good security posture against phishing is continuous user education on correct security procedures and controls. Once a user clicks on a phishing link, there is an extremely high likelihood that they will proceed to enter personal data into that page. Ensuring that users know what a phishing attack looks like reduces the likelihood that they will click on that link in the first place.
An infrastructure of any kind that is not designed with security in mind will not be adequately protected against attacks. The most educated users following the most rigorous security procedures cannot make up for an insecure network or improperly configured firewall. A third-party security operations center can combat this by analyzing the flaws in an infrastructure and submitting a plan for remediation.
Security and Green Cloud
It only takes a single lapse in security to put data for hundreds or thousands of businesses at risk. For that reason, security has been a primary focus for modern cloud services providers (CSPs) like Green Cloud.
Since Green Cloud's founding in 2011, we have viewed security as a holistic set of measures that can be applied to an entire business practice. We work with partners across the country to offer small and medium business owners the tools they need to protect themselves against phishing, malware and infrastructure attacks all at once.