So you're thinking "all these phishing and malware attacks won't affect me because I'm not a bank and we have nothing that anybody wants"... WRONG! Take a look at this story published today in Computerworld, "Spam that delivers a pink slip".
The story documents the use of "spear phishing". Instead of bombarding the enterprise with foolish emails from unknown persons trying to get an employee to click on a link, spear phishing uses real enterprise addresses with email links and/or document attachments that download malware. In this story, a medical center in Georgia was hit by emails, coming from legitimate addresses, telling employees there would be layoffs and directing them to a supposed site that offered career counseling information.
What are the chances of your employees clicking on such a link, or opening a Word document with the fake announcement? Now imagine that the malware is more sophisticated, using an attack like Blue Pill... do you see any risk to your enterprise? I'd say there's HIGH RISK.
Was this a bank that was targeted? No, it was an enterprise with 3,500 employees. "Well", you think, "we only have a few hundred employees... we're safe". What security experts have been saying for the last two years is that these types of attacks are becoming more common and they're targeting enterprises of all sizes. So what's the answer?
THERE IS NO SILVER BULLET! Your enterprise needs a layered defense. It starts by educating employees and workers not to click on email links. Then it moves to a series of layers of defenses outlined in my paper "Modern Network Security Strategy 2006". This includes strong authentication and transaction authentication as users progress towards higher-risk applications, networks and information.
There is no one product that is going to provide your enterprise with security. You must wake up to the fact that you're in an arms race where the attacker currently has the upper hand.