Tuesday, September 9, 2014

Netiquette IQ Blog of The Day - Email is Still Very Vulnerable

 As much as security is being updated for electronic communication, some areas almost seem to be losing ground. The article below reflects this.
Jen A. Miller 

CIO | Sep 3, 2014 4:13 AM PT
Email Security Still a Struggle for Most Companies
Banks and social media firms have taken steps to protect their customers from email scams, according to recent research. However, the travel and healthcare industries remain vulnerable. All the more troubling: Spam and phishing show no signs of going away.
Is that email really from your bank or airline? Or a hacker pretending to be?
Research from Agari, which provides email security and threat intelligence tools, shows which industries are constantly under attack – but deflect those attacks – and which industries still get a failing grade as they face increased hacker attention.
"Email is one of the criminal's best friends, and one of the most common ways that criminals use to go after their victims," says Patrick Peterson, founder and CEO of Agari. Hackers impersonate brands and try to get you to give them information in return, such as a username and password.
Agari's quarterly report, which looks at 147 companies across 11 industries, evaluates two things. There's the TrustScore, which looks at the highest-volume email-sending domains for a company and then analyzes their implementation of common email authentication standards, including DMARC, DKIM and SPF. Then there's the ThreatScore, which calculates the volume of spam and potentially malicious email sent by hackers masking themselves as a certain company.
Your Bank Is Still a Target for Hackers
From the first to second quarter, Agari found an 8 percent improvement in trust scores across all industries. However, attacks against what Agari calls "mega banks" remained high.
"Attackers are looking to monetize," says Trey Ford, global security strategist for IT security firm Rapid7. "What's easier to monetize than cash? If I can act like I'm some major bank and get you to sign into my fake webpage, I can log in as you and move money around."
Because of this increased attention, banks have also adapted to protect their consumers against these threats, Peterson says. CapitalOne and JP Morgan Chase even appear in the so-called Agari 100 Club, which is reserved for companies that receive a TrustScore of 100. Facebook and Twitter also fall in that group.
"Social media and banks used to be some of the criminals' favorite targets," Peterson says. Those industries have come a long way in their efforts to protect consumers. People now know how to tell if an email from a financial institution "looks a little funny" and shouldn't be trusted, he adds. "Criminals found out that those were much harder targets to impersonate."
That hasn't stopped the criminals, though – JP Morgan and other banks were allegedly hit by Russian hackers last week in an attack that may have been politically motivated.
Email Hackers Now Hitting Travel, Healthcare
So where did criminals turn? The travel industry. It experienced an 800-percent jump in threats between the first and second quarters of the year. Agari's report says travelers are "natural" targets for social engineering, a type of security intrusion that plays on human behavior and emotion.
"As criminals started to look for a new weak link, they found that travel was incredibly successful," Peterson says. "They've been plowing a lot of their efforts and investments into making more and more improvements spoofing an itinerary."
In a 2014 scam, hackers pretended to be Delta Airlines, emailing consumers to say, "Your credit card has been successfully processed," and to provide flight information. Peterson also points to large-scale attacks using Expedia, Airbnb and Booking.com as fronts – all with the goal of either getting your log-in information or installing malware on your machine.
Ford says he's not surprised – not just because of the potential information that hackers can get through setting up fake travel-related sites but because of what travel does to people. Road warriors who frequently travel for work have lowered their barriers, Ford says: "When you get really tired, you do stupid things."
Mobile devices and travel don't always mix well, either. Ford says he's "fairly aggressive" in the security setup of his laptop, but "when I read an email on my phone, I don't have all of those controls. I'm a lot more vulnerable to phishing and [other] attacks – especially when I'm tired."
The good news is that airlines specifically had a 17-percent jump in their TrustScores. "It's very easy when you start from zero to make 17-percent progress," Peterson says, but he points to Delta as a "breakout star" for reacting quickly and effectively after being targeted.
Healthcare also performed poorly, earning the lowest TrustScore out of all industries. Out of 14 healthcare companies analyzed, 13 were classified as easy targets for cybercriminals, suggesting that healthcare security remains lax.
Email Security a Modern Game of Whac-a-Mole
Overall, the TrustScore for the companies that Agari studied increased 8 percent in the second quarter. Peterson describes it as a "sea change," adding, "These are big companies. Making changes is hard for them."
As the major banks learned, however, that doesn't mean these attacks will stop. "Criminals have so many tricks up their sleeve," Peterson says, "and have a new one every day."
Progress is good, but big companies still need to be on alert for whatever's next.
"Spam is a problem and we still don't have it solved. Phishing is a problem and we still don't have that solved," Ford says. "These [hackers] are businessmen and businesswomen. They're incentivized to be successful. They're going to keep reiterating this game of cat and mouse."
 In addition to this blog, I have authored the premier book on Netiquette, "Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email". You can view my profile, reviews of the book and content excerpts at:


 If you would like to listen to experts in all aspects of Netiquette and communication, try my radio show on BlogtalkRadio and an online newsletter via paper.li. I have established Netiquette discussion groups with LinkedIn and Yahoo. I am also a member of the International Business Etiquette and Protocol Group and Minding Manners, among others. I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts, and I have been contributing to the blogs Everything Email and emailmonday. My work has appeared in numerous publications and I have presented to groups such as The Breakfast Club of NJ, Rider University and PSG of Mercer County, New Jersey.