Combat phishing by doing it yourself
Malicious attackers are zeroing in on what many consider to be the weakest points of any security setup, the water and carbon-based life forms running the whole shebang.
Most of us are wise to the fact that Nigerian princes really don’t need our help in transferring money around, and we almost certainly didn’t win a million euros in a lottery competition we never entered. So, attackers have begun crafting ever more realistic phishing emails that faithfully mimic correspondence from utility companies or package delivery services. While these emails are still distributed broadly, there’s evidence that hackers are also personalising emails to target particular people within organisations.
Aaron Bailey, director of Sydney-based The Missing Link Network Integration, believes that training – primarily through experience rather than lectures – is an important strategy in reducing the chances of a successful phishing attack against an organisation.
One particularly effective method, he believes, involves using a simulated phishing attack that generates not only metrics on who opened the suspicious emails, clicked on the links and entered credentials, but also delivers targeted training to those who need it.
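The metrics Bailey describes come from giving each recipient an opaque tracking token and then correlating hits on the tracking pixel, the lure link and the fake login form against the recipient list. The script below is an added example written for this article; it is not code from The Missing Link, ThreatSim or any other product mentioned here. The URL paths, the log format (Apache/nginx "combined" style), the per-campaign secret and the sample log lines are all assumptions constructed for the demonstration.

```python
import hashlib
import hmac
import re
from urllib.parse import parse_qs, urlparse

# Constructed recipient list and per-campaign secret (both assumptions).
RECIPIENTS = ["alice@example.com", "bob@example.com",
              "carol@example.com", "dave@example.com"]
CAMPAIGN_SECRET = b"rotate-this-per-campaign"


def token_for(email, secret=CAMPAIGN_SECRET):
    """Opaque per-recipient token. An HMAC over the address means the token
    neither reveals who it belongs to nor lets a curious recipient guess a
    colleague's token and pollute their metrics."""
    return hmac.new(secret, email.lower().encode(), hashlib.sha256).hexdigest()[:16]


def build_campaign(recipients, secret=CAMPAIGN_SECRET):
    """Map each issued token back to the recipient it was sent to."""
    return {token_for(r, secret): r for r in recipients}


# The three observable stages, keyed by (method, path). Paths are assumptions.
STAGES = {
    ("GET", "/img/logo.gif"): "opened",        # tracking pixel in the mail body
    ("GET", "/account/verify"): "clicked",     # lure link in the mail
    ("POST", "/account/verify"): "submitted",  # credentials typed into the fake form
}

# Combined log format: ip ident user [timestamp] "METHOD target proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')


def parse_event(line, campaign):
    """Return (recipient, stage, timestamp) for a log line that is a tracked
    hit from a known token, or None for noise (scanners, bogus tokens, other URLs)."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlparse(m["target"])
    token = parse_qs(url.query).get("c", [None])[0]
    stage = STAGES.get((m["method"], url.path))
    if token not in campaign or stage is None:
        return None
    return campaign[token], stage, m["ts"]


def score_campaign(campaign, log_lines):
    """Per-recipient opened/clicked/submitted flags derived from the web log."""
    results = {email: {"opened": False, "clicked": False, "submitted": False}
               for email in campaign.values()}
    for line in log_lines:
        ev = parse_event(line, campaign)
        if ev is None:
            continue
        email, stage, _ = ev
        results[email][stage] = True
        # Mail clients often block the pixel, so a click implies an open
        # and a submission implies a click; do not under-count those stages.
        if stage == "submitted":
            results[email]["clicked"] = True
        if stage in ("clicked", "submitted"):
            results[email]["opened"] = True
    return results


def summarise(results):
    """Campaign-level counts plus the list of users to enrol in targeted training."""
    n = len(results)
    counts = {k: sum(r[k] for r in results.values())
              for k in ("opened", "clicked", "submitted")}
    needs_training = sorted(e for e, r in results.items() if r["clicked"])
    return {"recipients": n, **counts,
            "click_rate": counts["clicked"] / n, "needs_training": needs_training}


def run_demo():
    """Run the scoring over a constructed sample log (not real traffic)."""
    t = {r.split("@")[0]: token_for(r) for r in RECIPIENTS}
    sample_log = [
        # alice: only the tracking pixel fired
        f'10.0.0.5 - - [12/Mar/2015:09:01:02 +1100] "GET /img/logo.gif?c={t["alice"]} HTTP/1.1" 200 43',
        # bob: pixel, click, then typed credentials into the fake form
        f'10.0.0.6 - - [12/Mar/2015:09:02:10 +1100] "GET /img/logo.gif?c={t["bob"]} HTTP/1.1" 200 43',
        f'10.0.0.6 - - [12/Mar/2015:09:02:41 +1100] "GET /account/verify?c={t["bob"]} HTTP/1.1" 200 1822',
        f'10.0.0.6 - - [12/Mar/2015:09:03:05 +1100] "POST /account/verify?c={t["bob"]} HTTP/1.1" 302 0',
        # carol: pixel blocked by her mail client, but she clicked the link
        f'10.0.0.7 - - [12/Mar/2015:09:05:33 +1100] "GET /account/verify?c={t["carol"]} HTTP/1.1" 200 1822',
        # noise: a scanner with a made-up token, an untracked URL, and garbage
        '203.0.113.9 - - [12/Mar/2015:09:07:00 +1100] "GET /account/verify?c=deadbeefdeadbeef HTTP/1.1" 404 0',
        '203.0.113.9 - - [12/Mar/2015:09:07:01 +1100] "GET /robots.txt HTTP/1.1" 200 24',
        'not a log line at all',
    ]
    results = score_campaign(build_campaign(RECIPIENTS), sample_log)
    return results, summarise(results)


if __name__ == "__main__":
    for email, flags in run_demo()[0].items():
        print(email, flags)
    print(run_demo()[1])
```

On the sample data this reports three of four recipients opening the mail, two clicking and one submitting credentials, and puts bob and carol on the training list; dave, who never touched the mail, and the scanner with a forged token do not register. In a real campaign the secret should differ per campaign so tokens cannot be correlated across exercises, and the submitted-credentials endpoint should discard what was typed rather than store it.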
Bryce Boland, CTO of FireEye Asia-Pacific, cautions that while helpful, it’s not a substitute for technical solutions, as “attackers only need to succeed once, and training is never going to deliver a 100 percent success rate”.
Back to basics
“Defence in depth” is a key phrase that came up consistently with all the security consultants who CRN spoke to. Having multiple layers of protection makes it more likely that only the more determined hackers are able to get in, while buying the organisation time to deal with them.
If you can’t afford the latest and the greatest, Julian Haber, CEO of Brisbane-headquartered Intalock, says that “a well configured, managed and monitored environment will provide better protection than numerous expensive ‘best of breed’ tools that are poorly configured or managed”.
In the experience of Loop’s Morrison, many companies still have “weak passwords, unpatched systems, use unencrypted protocols and lack of network segmentation allowing an attacker to venture anywhere through the network once inside”.
Getting the basics right can be just as valuable as investing in the latest technology.
What to do when an intrusion is successful
Even with well trained staff and an expertly designed and configured security setup, Bitdefender’s Bogdan Botezatu believes that for most organisations it’s a question of when, not if, an intrusion occurs.
If an attack is detected in time, damage can be limited. SIEM and intrusion detection help in this regard, both with real-time alerts and by making it easier to dig through the mounds of potential evidence afterwards.
Regular backups are always important. If your organisation is hit with ransomware, it not only allows you to restore systems to their pre-infected state, but also means that there’s no temptation to pay your data’s captors, which merely serves to perpetuate this cycle of cybercrime.
VENDORS TO WATCH
Trustpipe
Trustpipe monitors network traffic heading into and out of a computer or server. With a small list (under 2Mb) of “expressions”, Trustpipe is able to detect known attacks and any potential variants that are whipped up by hackers. Its compact size and speed are said to make it well suited to older operating systems, including the still widely used Windows XP.
Sentrix
Sentrix is an AWS and Microsoft Azure-based scalable web-mirroring service that aims to prevent a distributed denial of service attack (DDoS) from succeeding. When your site comes under attack, Sentrix simply keeps expanding its mirror network until the attacker runs out of resources and quits.
PFP Cybersecurity
PFP Cybersecurity secures a server without installing any software on it. It’s a completely external hardware solution, meaning that even the most advanced malware can’t detect its presence. The system monitors and creates a baseline of the server’s radio-frequency activity when it is performing normal tasks. Via careful analysis, PFP is able to detect anomalous behaviour and potential attacks.
Norse DarkWatch
Norse DarkWatch is an appliance that hooks into the company’s DarkMatter platform, which watches live attacks from around the globe like you’d watch a football match on a Friday night. With threat sources and vectors updated constantly, users can prepare their systems as necessary.
NuData
NuData believes that online fraud has moved beyond just using stolen credit cards, and aims to prevent any funny business by monitoring user behaviour on e-commerce sites.
ThreatSim
ThreatSim, via its web interface, permits you to run simulated phishing attacks against your own company, allowing you to figure out who is susceptible, and also to run targeted training for at-risk users.