ENISA, the European Union’s cyber security agency, is calling for businesses and governments throughout Europe to take urgent action to address an emerging trend in cyber attacks: ‘Cyber-attacks – a new edge for old weapons’.
In recent months, a series of cyber attacks has targeted high-profile organisations including government and critical infrastructure. Mandiant’s report on cyber espionage included details of the theft of data from hundreds of organisations including those in the EU’s critical sectors. Several recent cyber attacks have used old methods of attack in a more targeted and intelligent way, giving them a ‘new edge’.
The impact of cyber attacks can be extremely damaging, owing to vulnerabilities in organisations’ defences. ENISA identifies e-mail as a significant vulnerability, going so far as to say: “Email is insecure: E-mail is universally used, by consumers, businesses and government organizations, but most email systems do not provide any kind of authentication, i.e. it is very hard for users to understand where the message originates from and whether or not the sender is a trusted party. This makes it very easy for attackers to send fake messages or to pretend they are someone else (spoofing)”. ENISA goes on to say that organisations in critical sectors should address the risk of spear-phishing by using encryption solutions and sender authentication frameworks.
Spear-phishing, where a spoof e-mail is sent fraudulently targeting an organisation in search of confidential data, is favoured by cyber criminals as it is low-cost, easy to launch and very effective.
Aside from setting up rigorous cyber security, verification and authentication solutions, organisations need to address the human factor. Technological security is not enough; no organisation is completely secure until all of its staff are fully aware of their role in achieving effective information security.
IT Governance has drawn on its years of Information Security Staff Awareness training to develop and produce the world’s most useful and complete online e-learning information security staff awareness course.
ITG e-Learning Course – Information Security Staff Awareness