Author: Michael Osterman
on March 25, 2015 - 9:39 PM
What Threats Should You Be Concerned About? (Part 1)
Organizations of all sizes face a wide variety of threats, ranging from
seemingly innocuous incursions like spam that create storage problems and
general annoyance, to highly targeted email attacks that can create major
breaches of sensitive or confidential information. Among the range of threats
to consider are the following:
• Phishing emails
Phishing emails are comparatively unfocused email messages that are
designed to elicit sensitive information from users, such as login credentials,
credit card information, Social Security numbers and other valuable data.
Phishing emails purport to be from trustworthy sources like banks, credit card
companies, shipping companies and other sources with which potential victims
already have established relationships. More sophisticated phishing attempts
will use corporate logos and other identifiers that are designed to fool
potential victims into believing that the phishing emails are genuine.
The impact of phishing emails should not be underestimated. An Osterman
Research survey conducted in late 2014 found that there have been a variety of
security incidents that were attributable to malicious emails, such as 41% of
organizations that have lost sensitive data on an employee’s computer and 24%
that have lost sensitive data from the corporate network.
• Spearphishing emails
A spearphishing email is a targeted phishing attack that is generally
directed at a small group of potential victims, such as senior individuals
within a company or other organization. Spearphishing emails are generally
quite focused, reflecting the fact that a cybercriminal has studied his or her
target and has crafted a message that is designed to have a high degree of
believability and a potentially high open rate.
One of the reasons that spearphishing is becoming more effective is
that potential victims provide cybercriminals with the fodder they need to
craft believable messages. For example, Facebook, Twitter, LinkedIn and other
social media venues contain enormous amounts of valuable information about
travel plans, personal preferences, family members, affiliations, and other
personal and sensitive information that can be incorporated into spearphishing
emails.nd it to you right away.