    Phishing for Dollars: How to Stop the Bad Guys from Exploiting Your “Weakest Link”

    By BUFFERZONE Team, 28/04/2015

    It’s widely held that employees are an organization’s greatest asset. And while this is certainly true when it comes to winning the war for talent, it’s patently false when it comes to spear phishing campaigns. Because rather than representing a tower of strength, employees are, paradoxically, an organization’s “weakest link”.

    The Spear Phishing Epidemic

    According to Symantec’s 2015 Internet Security Threat Report, spear phishing attacks rose 8% from 2014, yet with 20% fewer emails. That means the bad guys are getting better at building highly-targeted campaigns. Even the FBI is warning organizations of a jump in spear phishing attacks targeting corporate networks across multiple sectors.

    Of course, organizations aren’t standing by waiting for their employees to open the network security defense floodgates. They’re striving to educate their employees by drilling home messages like:

    • Don’t automatically trust emails or click links, attachments, etc.
    • Be wary of all emails; even from familiar senders
    • Don’t share personal details on social networking sites

    However, while this kind of training is necessary — and for some employees, it’s also repetitive because they’ve been hearing and reading it for years — it’s clearly not enough. Education can strengthen the weakest link in the cyber security chain; but it cannot re-label it. As far as spear phishing attacks go, the weakest link will remain the weakest link due to three factors:

    1. The campaigns are surprisingly well designed.

    Forget the pathetic, even comical emails with their silly graphics and sloppy grammar that litter SPAM folders. Many of today’s corporate-focused spear phishing campaigns are smart and precise, and crafted to look identical to ordinary, everyday correspondence. A prime example is the recent tax-themed attack detected by Cisco researchers that, ironically, targeted CTOs of tech companies.

    2. Employees are overwhelmingly busy.

    In theory, each employee would scrutinize every single email, text and even phone call to ensure it was legitimate (and they might need to double-check in some cases). But in reality, who has time to do this? Many employees are overwhelmed with tasks as it is. So while they’ll keep an eye out for clearly unusual items, asking them to pore over every piece of correspondence before they move ahead isn’t just impractical: it’s impossible.

    3. It only takes a couple of minutes (literally) for a breach to happen.

    As revealed by the 2014 Verizon Breach Investigations Report, the bad guys don’t have to wait days or hours to hook a victim. In fact, on average they need to linger a mere 122 seconds before the clicks start coming in. As a result, IT departments are struggling to spot and react to spear phishing events, with many of them going undetected.

    So, if educating employees – a.k.a. the weakest link in the cybersecurity chain – is only part of the answer, what can organizations do to fill the gap? Well, let’s first look at what they can’t do.

    • They can’t turn back the clock to a simpler time when bad actors weren’t sophisticated profit-seeking cyber criminals.
    • They can’t unplug and cut themselves off from the interconnected world.
    • They can’t block employees from accessing needed functions, apps and websites, because such a move would lead to major frustration and widespread circumvention (just as it does when IT staff try to enforce unwelcome BYOD policies).

    Fortunately, there is a practical and cost-effective way for organizations to guard against spear phishing attacks in a manner that protects their data and enables their employees: BUFFERZONE.

    Why BUFFERZONE?

    BUFFERZONE is a lightweight solution that automatically isolates web browsers, email and removable storage in a secure, virtual container. It offers protection from spear phishing attacks through the two main vectors of infection: email attachments and malicious links.

    1. Email Attachments: if malware is downloaded and opened via an attachment, the malware is trapped inside the BUFFERZONE virtual container, and therefore cannot escape to infect the endpoint.
    2. Malicious Links: if an email or attachment sends users to a website that delivers malware via “drive-by download”, the malware is trapped by the BUFFERZONE virtual container, and therefore poses no further threat to the organization. In addition, any key loggers used for credential theft are reported so that immediate action can be taken.

    The bottom line is that with BUFFERZONE, organizations can protect themselves from phishing scams while employees continue to use the email, web browsers, and other internet applications they need to be productive and happy.

    In the end, both organizations and employees win, while the bad guys lose. Or at least, they cut bait and go spear phishing somewhere else.

    Learn more about how BUFFERZONE works.