I would encourage all email users to get into the habit of thinking before they click, because cybercriminals’ emails are becoming increasingly indistinguishable from legitimate messages from known senders
Clearwater, FL (PRWEB) February 26, 2013
Today, both individual families and organizations are under constant threat of attack from cybercriminals. Cybercriminals are increasing their attacks on people and businesses, with the goal of stealing a maximum amount of confidential information. To illustrate this rapid increase, security firm RSA recently reported an average of 33,000 phishing attacks per month, with an estimated worldwide loss of nearly $700,000,000 from phishing scams alone (1). KnowBe4, a security awareness training firm, is warning small and medium-sized businesses of a new threat called APT (Advanced Persistent Threat), which, in 91% of the cases, starts with a spear-phishing attack. KnowBe4 provides the finance and healthcare industries with the training and testing to avoid and defend against such attacks.
To make attacks more effective, cybercriminals created the “Advanced Persistent Threat” (APT). APT is actually a team of attackers who work together to efficiently infiltrate organizations in order to access political, economic or military resources. While many cybercriminals will send mass emails to a large number of users, the APT has fine-tuned its approach and specifically targets executives who have access to a company’s most sensitive and secure information. The APT is typically funded and trained by a foreign government with both the capability and the intent to persistently target a specific entity.
Founder and CEO of KnowBe4, Stu Sjouwerman (pronounced “shower-man”), believes that the reason companies are falling victim to the APT is because they are not taking proactive measures to prevent it. In addition to security awareness training, Sjouwerman stresses that understanding how the APT operates is critical in defending against an attack.
After the APT targets an organization and zeros in on key employees, an APT team will research the individual and harvest all data they can find, including emails, pictures and financial records. The APT carries out its attack by sending the individual an email from a seemingly recognized source containing an infected file. Once the file is opened, the computer is silently hacked and the APT gains full control of the computer system. Because of the subtle nature of the attack, many victims can be unaware of its existence for years.
In the wake of APTs, KnowBe4 strongly advises businesses to have their employees properly trained on cybersecurity. KnowBe4’s Kevin Mitnick Security Awareness Training specializes in making sure employees understand the mechanisms of spam, phishing, spear-phishing, malware and social engineering—and are able to apply this knowledge in their day-to-day work. Kevin Mitnick Security Awareness Training is an interactive, web-based program which includes case studies, live demonstration videos and short tests. Regularly-scheduled phishing security tests help keep employees on their toes, which helps business owners and managers determine what percentage of employees are Phish-prone™ (or susceptible to phishing attacks). Those users who fall for such simulated phishing attacks can receive instant remedial training.
“I would encourage all email users to get into the habit of thinking before they click, because cybercriminals’ emails are becoming increasingly indistinguishable from legitimate messages from known senders,” explained Sjouwerman.
KnowBe4 provides an extensive collection of free cybercrime education resources so that executives can arm themselves and their staff against cyberattacks.
“This ongoing [APT] threat emphasizes the importance of user awareness and education. By implementing company-wide security awareness training, enterprises can ensure that their executives and staff know what to watch out for, and how to avoid falling prey to cyberattacks, even saving their company hundreds of thousands of dollars and sensitive information,” added Sjouwerman.
For more information on KnowBe4’s Internet security training services and cybercrime prevention tips, visit http://www.knowbe4.com.
About Stu Sjouwerman and KnowBe4
Stu Sjouwerman is the founder and CEO of KnowBe4, LLC, which provides web-based Internet Security Awareness Training (ISAT) to small and medium-sized enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced Internet security awareness training. He is the author of four books, including Cyberheist: The Biggest Financial Threat Facing American Businesses Since the Meltdown of 2008.
(1)“Phishing in Season: A Look at Online Fraud in 2012.” RSA.com. RSA FraudAction Research Labs, n.d. Web. 19 Feb. 2013. blogs.rsa.com/phishing-in-season-a-look-at-online-fraud-in-2012/.