The reality is that companies may not realize the attacks are occurring or how often. While there is never a 100% fail-proof solution, companies can mitigate the threat substantially through education, planning and infrastructure upgrades.
Companies should stop to ask the following questions about their protection again phishing attacks:
* What security measures are in place to prevent phishing on my networks?
* Do I have infrastructure in place to determine if phishing attacks are occurring and the extent of the damage done?
* What is our plan to educate and train users to prevent phishing attacks?
* If our company is the victim of a phishing attack, does my IT department have a plan for dealing with it?
If you don’t have solid answers for all those questions, your company is at risk for an attack.
In response to growing phishing threats and to assist companies in fighting these attacks, NSS is offering services that help companies avoid a potentially costly security problem:
* Testing to determine employee awareness and education on these types of attacks and IT staff readiness to address them.
* Education for employees to better understand the real world threats, how they are used and how to avoid them.
* Forensics to extract additional data about attacks, including how they were carried out and what information was compromised.
* Threat detection, allowing companies to detect attacks early through scanning URLs and providing alerts, reducing the impact of fraud attempts.
* Implementation of countermeasures to prevent attacks from happening.
Phishing is costing corporations billions of dollars, and the losses will continue to build as hackers implement campaigns targeting specific companies, commonly referred to as spear phishing.
Those companies unprepared for these directed attacks are powerless without planning, education and infrastructure designed to prevent them from happening in the first place.