“Using technology to solve human problems just doesn’t work, and anyone telling you different is selling magic beans,” said Tom Van de Wiele, principal security consultant at F-Secure. “Real-life attackers, especially criminals, live off perfecting subtle social engineering tricks that trick human beings into letting their guard down. And letting employees believe that cutting edge security technologies will handle everything gives a false sense of security, which is something today’s attackers are counting on.”
Gone phishing
Phishing exemplifies what Van de Wiele says are failings related to overconfidence in technology. According to PwC’s Global State of Information Security Survey 2017*, phishing was the #1 vector for cyber attacks targeting financial institutions in 2016. And based on the spread of managed phishing-as-a-service bundles on the dark net**, these attacks are likely to become more prevalent going forward.
“You’d be amazed by what people click on while they’re working. They’re not stupid, just caught off-guard, not necessarily expecting to be duped,” said Van de Wiele. And indeed, simulated phishing attacks have high success rates in F-Secure’s Red Teaming Tests.
For example, in a recent job, F-Secure red team experts sent out a fake LinkedIn email to see how many of the client organisation’s employees would click on a link in an unsolicited email. 52 per cent of employees clicked. In another test, F-Secure’s red team created an email leading to a fake portal where employees would need to log in using their domain credentials. 26 per cent of recipients followed the email link to the portal, and 13 per cent actually entered their login credentials.
Nothing is off limits
The Red Teaming Tests Van de Wiele and his colleagues conduct involve a comprehensive series of tests designed to highlight what companies are doing right and wrong when it comes to security. The tests challenge companies to successfully detect, contain and respond to simulated cyber attacks intended to steal financial data and intellectual property, or control key parts of a company’s IT infrastructure.
According to Van de Wiele, these tests often surprise companies by revealing just how exposed they are. “Internal views of security rarely match the weaknesses attackers actually see,” he said. The tests encompass a company’s entire attack surface, not just digital but physical too – or anything under the company brand.
“Many companies are surprised when we gain access to offline servers, as many CISOs are unprepared to deal with an attacker who gains physical access to their company’s premises. And that’s surprisingly easy to do: All you need is a safety vest and physical work order. Safety vests are better than Harry Potter’s invisibility cloak. Put it on and you can get anywhere, no questions asked.”
With Red Teaming Tests, organisations can:
**Source: http://www.theregister.co.uk/2016/12/07/phishing_as_a_service/
More Information:
Video: Let us in. Keep them out.
Nobody has better visibility into real-life cyber attacks than F-Secure. We’re closing the gap between detection and response, utilizing the unmatched threat intelligence of hundreds of our industry’s best technical consultants, millions of devices running our award-winning software, and ceaseless innovations in artificial intelligence. Top banks, airlines, and enterprises trust our commitment to beating the world’s most potent threats. Together with our network of the top channel partners and over 200 service providers, we’re on a mission to make sure everyone has the enterprise-grade cyber security we all need.
Founded in 1988, F-Secure is listed on the NASDAQ OMX Helsinki Ltd.