03 September 2015

Spear Phishing & the Mimecast Human Firewall Event

Spear Phishing. Not the fun kind. Doesn’t result in fish braais.

“I would never click a phishing link” – the most commonly overheard phrase from people who are likely to click a phishing link. Internet security is a deep, black hole of scary stuff that we try our very best to ignore.

I actually have a slide dedicated to this in one of my talks (Future Kids Future Customers) that walks people through how many colossal security breaches have happened in the last 2 years – and how little we seem to care. And those are the public ones that are reported, not the ones the banks don’t disclose.

I met one of those people the other day. She’d had her bank account hacked and had R30k odd drained. Bank insisted she’d clicked on a phishing email. She insisted she hadn’t. While I’d like to trust her, I suspect she got had. And that made me sad.

Mimecast are doing some interesting stuff around enterprise protection against these kinds of attacks. And they’re holding a conference if you want to know more. I’m interested enough in this – to tell you.

If you have a business or if you want to be a little more empowered around security decisions (phishing is just the beginning of the journey) – then you’ll enjoy this info.

Security is like backups. Not useful until it is.

DETAILS UP FRONT:



WHAT IS SPEAR PHISHING?



Ah, criminal hackers! Those scallywags. As melodramatic as it might sound, you have but to hang out on the Internet for a few days to figure out that the pimply teenagers out there wield considerable power in this new digital age. And in fact, they’re not just pimply teenagers anymore. There are dedicated hacking businesses across the globe, trading personal information and national secrets in an economy that will induce tin-foil-hat-wearing in the very best of us.

Here’s an infographic with more.



WHAT ARE MIMECAST DOING ABOUT THIS?

For the full story, read that white paper and go to the event. But here’s a little bit from them around some software that will help – as well as the philosophical approach of building a “human firewall”. A human firewall is the idea of educating your staff so that they’re the first line of defense (not the first line of happy clickers) in the security process.

“Mimecast has software that scans and rewrites all hyperlinks in emails to check whether they are malicious or not, but with the rate of change by the hacking community, technology can’t (unfortunately) always block everything. Mimecast’s new version of Targeted Threat Protection also teaches people why links are malicious when they click on them by alerting them to the URL (which may look like fnb.co.za but is actually fbn.co.za, or looks like ‘SARS’ but is actually ‘SAR’). We’re also trying to help build the human firewall in businesses by encouraging all business decision makers to do their part by educating their staff about the dangers of sharing personal information using a malicious link.”

More anti-virus for all y’all! But seriously – I like the concept of a human firewall. We have stuck our heads in the sand when it comes to ALL issues of digital security. Perhaps it’s time we started talking about this.

What say you?