By SecureWorld News Team
Thu | Oct 13, 2016 | 12:00 AM PDT

You have firewalls set in place, regular table-top exercises scheduled, your patches are up-to-date, and you even have a team periodically scanning your network to see what's there—or what's not. And yet you're still under surveillance, you're still being told your network is vulnerable, you're still being hacked. How could that possibly be?

New research from Proofpoint outlines security blind spots that are leaving your company vulnerable—even in areas outside of your control. What your organization can't account for and protect against are the malicious emails that are opened after your employees have gone home, the malware present on a personal cell phone that also has access to company files, and the social engineering attacks that happen outside of company time.

The paper points out, "About three quarters of breached organizations learn that they’ve been attacked through an outside party. A whopping 98% didn't discover the breach until a week after the fact. And more than half aren't confident they found the root cause." While in 2005 most companies learned of a breach through fraud detection, law enforcement has now become the top indication that a breach has occurred, according to the Verizon Data Breach Investigations Report.

Attacks that use email as the method of deployment are rising catastrophically. "In the first quarter of 2016, malicious email message volume (emails that contain harmful URLs and file attachments) increased by 66% over the fourth quarter 2015—and more than 800% vs. the year-ago quarter," the paper says. 

But what happens when hackers use even more creative methods to reach a company outside of its network? Angler phishing uses fake customer support sites, mostly through social media, to lure victims in and steal their login information for the actual site. An example of this was discovered in September, when hackers used fake PayPal support pages through Twitter to steal actual customers' credentials. It doesn't matter how great your endpoint detection is; an attack like this doesn't even have to touch your network to do a considerable amount of damage.

So what on earth can companies do to prevent attacks like this from happening? Proofpoint says the keys are to "identify key blind spots" by looking at devices, social media, and emails beyond your network, "create a plan to close the gaps" by communicating these risks with your team, and "consider solutions to improve visibility" with tools currently on the market. 
