Verizon’s Data Breach Investigations Report (DBIR) highlights pretexting, or an attacker impersonating a CEO or CFO or corporate bigwig by spoofing and email to try and get information from employees. For example, the boss might send you an email asking you to help them transfer money or request information about how to do that from the company. IT security experts from FireMon, Prevalent, Inc. and Palo Alto Networks commented below.
Paul Calatayud, CTO of Intelligent Security Management Firm at FireMon:
“Pretexting is a very big threat that will continue to grow because it takes advantage of urgency and common cultural situations where employees will set aside procedures and policies in order to make sure the boss does not get upset. Most phishing training focuses on the content: malware and links more than the sender and in this case the sender and what is being asked is the issue. People will no doubt feel under pressure to make sure the boss is happy and some of the requests will seem entirely legitimate to the right employee.”
Brian Zeman, Chief Operating Officer at Prevalent, Inc.:
“Today’s 2017 Data Breach Investigations Report (DBIR) drives home four simple truths. It codifies that breaches are overwhelmingly perpetrated by outsiders, for financial gain, and that discovery sharply lags – enabling exfiltrations that do untold harm to consumers, businesses and their partners.
“The fourth truth that’s made plain is the industry’s continued blind spot: years after such major third-party breach events as the Target and Home Depot breaches, third-party risk management continues to be a blind spot. Recent Ponemon Industry data shows that many organizations continue to fail at effective third-party risk assessment – with just 18% of respondents saying that their company assesses the cyber risks of third parties – yet this risk vector was unaddressed. Compelling breach events and the third-party risk mandates of new regulations such as NYCRR Part 500 and GDPR make it clear: third party risk management must be a top-five priority for any security-driven organization.”
Greg Day, Vice President and Chief Security Officer at Palo Alto Networks EMEA:
“The report highlights that whilst attackers are evolving, for example with ransomware, too many of the organisations targeted by cybercriminals, aren’t. Organisations are holding onto legacy solutions that weren’t architected to address how threats simply don’t stop adapting. There is a gap between where many businesses are and should be in their prevention strategy. This is something the process of how GDPR compliancy focuses businesses to understand and leverage state of the art cybersecurity capabilities on prevention will make clearer and resolve. It’s too easy to keep adding in new requirements, we must be just as diligent around ensuring legacy capabilities are still fit for purpose in an ever-changing threat landscape.
I really welcome how the report spotlights the next generation of social trickery, namely pretexting. Managing credentials is an ongoing challenge with many organisations struggling to get to grips with the implications the cloud brings. For example, once credentials are compromised they can be leveraged via cloud services often bypassing traditional boundary monitoring controls. Visibility and automated correlation over the increasingly diverse IT and associated security has never been more critical. Businesses must start to find better ways to identify misuse of credentials. With increasingly integrated and diverse information systems, we can only expect to see the scale and impact of such attack methods grow.”
