According to a large security software maker, targeted cyber attacks are a growing threat to employers around the world. The prediction was made after the Stuxnet worm hit Iran’s nuclear program in 2010. According to one expert with the company, we will see many more high-profile targeted attacks in the future.
Most consumers avoid suspicious links in spam email. However, targeted attacks are more and more successful because people tend to open files that look like they are from legitimate senders.
The total number of web-based attacks increased 93 percent in 2010 from 2009. Shortened Internet addresses or URLs increased exposure. Abbreviated URLs cut down long website links and make it difficult to see which website one of these shortened links takes people to. Cyber criminals can hide malicious sites more easily using the shortened links. Social networking sites are a growing platform for attackers. Hackers posted millions of shortened links on social networking sites last year to trick users into malware and phishing attacks.
Attacks on leading mobile platforms also increased 42 percent last year with predicted increases in the future. Tarmo Virki, European Technology Correspondent “Targeted cyber attacks to rise further: Symantec,” www.reuters.com (Apr. 5, 2011.)
Social networking, email, Internet searches and online banking are all common network uses in today’s workplace. These tools are all valuable and even necessary, but they also create exposure for data security.
Online fraud can originate from outside or inside a company. Former employees, as well as outsiders, can pose a threat to proprietary information. In order to protect data from theft, destruction or corruption from anyone, employers must set up safeguards, including email and social networking restrictions.
Employers should establish an email protocol that demands employees not respond to unknown emails or open unusual, unknown, unrequested attachments. Moreover, employers should ask that employees not register onto sites that are not work-related or direct solicitations to their work email addresses.
Employers must implement and enforce a policy on computer usage and data management. This Site offers a model policy on Computer, Internet and Network Usage. To see if you have access to this policy, log on and go to Knowledge Vault and then Model Policies.
Anyone who believes they are a target of attacks should report to the IC3’s website at www.IC3.gov. The agency will link complaints and refer organizations to the appropriate law enforcement agency and, at the same time, identify emerging trends in cyber fraud.
This informational piece was published on April 28, 2011 by Risk Management Plus+ Online (A Service of Travelers Bond & Financial Products)
Jon Jepsen, CIC