1. Backup tapes are still needed to protect your data and organization from phishing attacks
Did you know that the largest number of data breaches result from phishing attacks? But what is a phishing attack, and how many firms fall victim to this type of intrusion? What can you do to protect your data and your organization? We will discuss these issues and a few more key insights in this edition of LTO BlogBytes. Let’s examine the phishing waters and how LTO technology can help!
WHAT BAIT IS USED?
Phishing is one of the oldest maneuvers used by cyber-criminals to penetrate an organization's network and is still the most common approach. According to a Cisco survey, phishing accounts for 90% of the data breaches that firms experience. Why is that? Well, one of the weakest links in the organization, if not the weakest, is unsuspecting users. A phishing attack depends on the gullibility or trust of system users. As described in the survey, “[A phishing] attack earned its name because, like its homophone ‘fishing,’ it uses bait. In a phishing attack, bait often appears as a compelling email. Attackers go to great lengths to ensure that their emails appear as legitimate as possible. These emails most commonly direct target recipients to an attacker-controlled website that delivers malware or intercepts user credentials.”
WHAT KIND OF PHISH CAN THEY CATCH?
Phishing attacks come in a number of forms and are designed to trick the user into thinking a tempting email, link or offer is real. With more employees working from remote locations following the pandemic, and now with business travel on the rise once again, mobile devices have become another entry point for exploitation by phishing schemes.
This trend is discussed in a recent SearchStorage article: “In some cases, clicking the link could expose an end-user device; this was the case when Jeff Bezos’ compromised device exposed corporate information after it accessed a malicious file within a WhatsApp message.” Exploiting the human element can allow the phishing attacker to gain access to the organization's systems, which could cause a number of maladies including the theft of sensitive information, holding data for ransom or simply the malicious destruction of data.
DON’T BECOME A BIG PHISH VICTIM!
This Telstra Ventures article summarises some of the things that you can do to protect your organization from becoming the big catch in a phishing undertaking:
- Train Employees – Attackers are getting cleverer and are making fraudulent emails more difficult to detect. Employees should beware of suspicious email IDs, grammatical errors in the email, dangerous attachments and links, as well as scare tactics that make a victim think their computer has been compromised.
- Utilize Anti-virus systems and Spam Filters – Not only use them but keep them up to date as security threats are ever changing.
- Keep Passwords Updated – Enforce strict password guidelines, making sure passwords are strong and long, and use two-step or multi-factor verification.
- Encrypt sensitive company data – In the event the data gets into the wrong hands, encryption will make the data difficult to decipher.
NO PHISHING ZONE!
The good news for you and bad news for phishers is that LTO technology supports a number of data protection features, including data encryption. How does LTO data encryption work? You don’t need any special devices, because LTO tape drives support the encryption process right at the tape drive itself, and any standard LTO Ultrium cartridge can be used to write encrypted data. That’s not all: to help secure sensitive information, LTO technology supports the sought-after ‘air-gap’ data protection. When a tape cartridge is removed from the tape drive, it is offline. That is, it’s not attached to the system, and an ‘air-gap’ is created between the tape-secured data and computer systems. This prevents cyber access to the data; in other words, a no phishing zone. Voila! The information stored on offline tape is protected and can be used to restore data that was compromised by attacks against online devices.