THE REAL CYBERTHREAT IS IN YOUR INBOX
IT SALES MANAGER
The National Cyber Security Centre has warned government agencies against using Kaspersky Lab’s security software amid fears that data could be exploited. And UK media outlets are buzzing with this latest cybersecurity story and its fallout.
An NCSC statement makes it clear that the advice doesn’t apply to businesses or individuals. But Barclays’ decision to stop offering free Kaspersky software to customers has fanned the flames of this debate.
Naturally, many CxOs and IT managers are wondering if their businesses should stop using the software too.
The answer is quite simple: No.
Don’t waste time and energy chasing what is likely to be an irrelevant risk. The two major cyberthreats facing UK businesses today are phishing and ransomware. In fact, you could say they’re two sides of the same coin. Phishing now accounts for 95% of all cyberattacks, and 97% of phishing emails are designed to deliver a ransomware payload. This is achieved via embedded links, infected attachments or redirection of users to compromised or malicious websites.
So clearly, the greatest threat facing your business is not the Russian state. Nor is it cybercriminals. Vulnerability is closely linked to user behaviour. The people working with your systems day in, day out are the inevitable chink in your cyber armour.
AWARENESS ISN’T ENOUGH
Most people are aware of phishing and ransomware. Yet almost a third of phishing emails that get through to users are opened. And 40% of people who open a malicious email will then click on a link or open an attachment.
It only takes a single click for a ransomware attack to be initiated. So it’s vital to ensure users are more than aware. They need to be actively alert. They need to be vigilant. And they need to know exactly how to recognise and react to phishing emails.
With the winter break around the corner, now is a good time to initiate a simulated phishing training exercise.
In such an exercise, fake phishing emails are sent to unsuspecting users to see if they click links, open attachments or disclose security information. Those who succumb are redirected to an e-learning website tailored to the type of attack that’s been simulated. It’s an effective way to test, benchmark and improve resilience to phishing.
GAMEKEEPER TURNED POACHER?
The Kaspersky story does underline the need to understand how data is used and where it resides. But for mid-market businesses, testing and enhancing phishing resilience should be a top priority. Impulsively ripping out anti-virus software is an unnecessary distraction.