
10:08 PM
Jim Rapoza
Commentary

Don't Get Snagged By Spear Phishers


When security is compromised at a company, the culprit is often poor user education and ineffective security measures. Frequently, the security breach could have been avoided if a worker had known enough not to open an obvious phishing or malware-loaded email, or if the company had enacted even basic filters and network policies to prevent the bad stuff from ever getting in.

But for one growing security concern, basic security systems and good user awareness may not be enough. In some of the recent cases of spear phishing, even trained security personnel were tricked into surrendering personal data or infecting systems with malware.

So what is spear phishing? Well, in this case, the name that tech pundits have given it actually helps a lot in describing the problem.

Standard phishing is a lot like sitting in a boat with a line drifting in the water. The bad guy isn't exerting too much effort; he's just sending out a broadly structured fake bank or service email in the hopes that a few people will be dumb enough to take a bite, get reeled in and surrender personal data or install malware.

But real-world spear fishing takes a lot more effort: The person needs to know how to swim, maybe even scuba or at least snorkel. They have to be skilled with the spear gun, and they have to target specific fish to catch. Similarly, spear phishing bad guys need to take the time to investigate the company and the individuals they are targeting in order to craft a message that will be seen as legitimate. The spear phishing message could be created to look like real company web applications, to come from real people in the company, and even use the same jargon and logos as company communications.

In this case, spear phishing involves a lot more work but also has a much greater reward. And the bad guys are certainly taking advantage of it. A recent Cisco security report showed that while the number of broadly based phishing attacks was dropping, there was an increased incidence of targeted attacks.
