In today’s new world of work, the latest and greatest security tools get a lot of talk, and IT managers have generally been given quite a bit of budget to implement these tools and bolster their security posture. With the amount of ink that high-profile breaches have had in the media, security issues have risen to the forefront for many businesses, and this vigilance is definitely a good thing. But from what I’ve seen, many businesses are not using that budget as effectively as they could.
If you go back and take a look at the causes of these data breaches, it’s almost never the crazy, never-seen-before tactics that cause issues. Instead, attackers are able to take advantage of long-standing exploits that companies didn’t patch effectively, or issues that they didn’t solve with end-user training. And these attacks are getting more sophisticated.
Here at Ricoh, we’ve invested a lot in end-user training to help protect against phishing and social engineering threats, and we’ve seen our fair share. One such attack that is fairly common today, came from a caller who claimed to be from Microsoft, wanting to check on the health of the employee’s computer under the guise of having detected a virus. Of course, if the employee had allowed them to access their computer, the attackers would have been able to infiltrate the network. This attack failed, as did attempts at financial fraud, and phishing emails that imitated correspondence from legitimate websites, even going so far as creating a phony website identical to the original.
We’ve been able to protect against these and many other threats so far — not because of any specialized tool or new technology, but through strong end-user training and education.