The Intrinium Review, April 2021

The Intrinium Review, April 2021
Quarter 2 has been off to a great start over at Intrinium, and it has been an exciting time of both growth and reflection. As we grow, we are pleased to welcome Bo Wheeler as our new VP of Cybersecurity Solutions. Bo is adept at building consensus across multiple organizational levels to drive strategic, cohesive operations with a focus on maximizing the performance of strategic cybersecurity sales and marketing organizations. We’re looking forward to all that he’ll accomplish as a member of our Intrinium team!

While we continue to grow, we remain focused on security threats that continue to be a financial burden to many organizations. Below are some of this month’s headlines that you should be aware of as you continue to place your security needs first.

Chase Bank – The Latest Phishing Victim

Chase bank was recently threatened by bad actors using phishing attacks to slip past their Microsoft Exchange security protections, in an aim to steal credentials from victims. One attack claims to contain a credit card statement, while the other falsely informs users that their online account access has been restricted due to “unusual login activity”. These sets of emails have reached almost 20,000 Chase customers so far. The links take potential victims to a phishing page that resembles the Chase login portal and asks for their banking account credentials. Researchers surmised that the URL for the page was likely purchased and hosted using NameSilo, which provides hosting, email and SSL solutions to customers. Services like this are beneficial for millions of people around the world, but unfortunately also lower the bar for cybercriminals looking to launch successful phishing attacks.

Ransom Attacks are Growing & Growing More Expensive

The average total cost of recovery from a ransomware attack has more than doubled in a year, increasing from $761,106 in 2020 to $1.85 million in 2021. The average ransom paid is $170,404. Global findings show that only 8% of organizations manage to get back all of their data after paying a ransom, with 29% getting back no more than half of their data. The average cost of remediating a ransomware attack more than doubled in the last 12 months. These costs include business downtime, lost orders, operational costs etc. Despite many organizations opting to pay their ransoms, only a tiny minority of those who pay will receive their entire data set back.

Smishing & You

Anyone who uses a smartphone has likely been the target of at least one smishing attack. Smishing is much like email phishing scams, but instead sends deceptive or malicious links through text messages.

Like phishing, smishing tries to trick users into giving up valuable information, such as bank-login credentials, by convincing the recipient that the message has come from a trusted source. While these types of scams have been exploiting email accounts for decades, cybersecurity professionals should be especially worried about the dramatic rise in smishing attacks over the past couple of years.

Even before the era of COVID-19 forced organizations to shift to remote work almost overnight, approximately 81 percent of organizations said their employees had experienced a smishing attack on their mobile devices. In 2020, after lockdowns were in place around the world, smishing attacks proliferated exponentially. One study found that between March and July 2020, these attacks increased by an alarming 29 percent.

Although phishing attacks have been around forever, there are at least a few reasons why smishing is more worrisome for IT security today:

It’s far easier to block email phishing on corporate-owned PCs, but today’s remote workers are now using their personal devices to access corporate apps and data. And frankly, there’s just no easy way to verify the authenticity of URLs on smartphones, so users often just click and hope for the best.

As of 2020, 2.8 billion users around the world now carry smartphones. The devices are literally everywhere, providing a vast, exploitable threat landscape for hackers.

Mobile users typically open and respond to text messages far more frequently than email. Consider that 90 percent of text messages are opened and read almost immediately; meanwhile, the average open rate for email hovers around 20 percent.

Since the new era of mass teleworking has pretty much demolished what was left of the traditional network perimeter, CISOs need new strategies for protecting corporate apps and data wherever they are, on any network, device or cloud. The good news is, most CISOs seem to understand that protecting their organizations from mobile threats should be their biggest priority going forward.

A Uniquely Canadian Outage

About 900 Internet users in Tumbler Ridge, British Columbia, lost service for 36 hours when local beavers chewed through an underground fiber able in what a network operator at Telus called a “very bizarre and uniquely Canadian turn of events”.

“Our team located a nearby dam, and it appears the beavers dug underground alongside the creek to reach our cable, which is buried about three feet underground and protected by a 4.5 inch thick conduit.” The beavers apparently used some of the Telus materials to build their dam.

Beavers are Canada’s national animal – but they do have a mixed reputation. The rodents are loved by some as the ultimate environmental engineers – but their incredibly strong teeth can cause extensive damage, and people worry about the havoc they can cause.

If the cost of security has been a sticking point for you or your organization, it is important to understand the true costs of a ransomware or cybersecurity attack. Cybersecurity should remain a top priority when it comes to securing your important information.

Intrinium is here to help.

Please reach out to us here with any concerns about your network or security. Our team operates 365 days a year to ensure your cybersecurity is solved!

Pin It on Pinterest

Share This