The PhishChain Island 2020
Malta ranked fourth highest in the EU for cyber security-related issues in 2019, according to Eurostat, and this year looks even grimmer as advanced cyber threats are on the rise and criminals are getting more sophisticated and resourceful.
The Eurostat report focuses on security incidents that were actually reported, which presumably means the actual number of incidents was significantly higher once those that may not have been reported are also considered. To compound matters, one would also have to consider breaches that have never been detected or reported. As research by Ponemon Institute suggests, it may take six months to detect a cyber breach, not to mention the vulnerabilities and unpatched services that are still present and may be ready to be exploited.
As the report and last year's statistical data show, Malta still has a long way to go, and companies need more resiliency to survive 2020, which is predicted to be even worse in terms of cybercrime. As we outlined in our previous article “2020 The year of the Phish”, phishing will be a dominant platform for criminals this year. Nearly 90% of all attacks on corporate infrastructure start with a phishing email. Our experience working with clients in Malta shows that whilst some organisations have made great progress in raising employee awareness of phishing emails, others lag behind. At the end of the day, we will continue to harp on the fact that employees remain the “weakest link of security” and that, more often than not, this aspect of security is neglected or deemed secondary in importance.
We recommend the following actions to be better prepared this year:
- Phishing Simulations – D4n6 conducts comprehensive phishing simulations with the award-winning Phish Sim platform Infosec IQ and provides automatic online training for employees. Maintaining continuous phishing campaigns enables organisations to monitor and measure employee resiliency and track their progress in awareness raising. The simulations also provide powerful metrics for IT and management about the state of the mail servers and spam filters, and about the potential need for technology investments.
- Awareness Training – D4n6 maintains a diverse training portfolio on trending information security topics and other subjects of interest. Regular, recurring awareness training that focuses on the latest trends and includes exercises ensures that every employee understands their role and is better prepared against phishing attacks.
- Security Testing – D4n6 partners up with experienced providers to deliver the highest quality penetration testing on the market to clients. Vulnerability assessments and penetration testing by an independent party are a critical practice in detecting internal cyber shortcomings and give IT and security teams great input on what needs to be improved in an organisation’s security posture.
We cannot emphasise enough the need for a comprehensive security strategy for organisations in 2020, as threats continue to rise exponentially year on year. The 2020 FireEye report (The Road Ahead: Cyber Security in 2020 and Beyond) predicts that AI and ransomware (through phishing tactics) will further evolve and dominate the cybercrime market. It also emphasises that no organisation or territory is safe from the effects of cybercrime, not even Malta or entities doing business here.
D4n6 has many more services to offer to help your organisation in these evolving cyber times. Contact us today!