Recent email scams directed at Cayman Islands government and law enforcement point to a general rise in sophisticated phishing efforts, warns eShore managing director Polly Pickering.
While many businesses still feel immune to such attacks, Pickering encourages professionals to learn from high-profile cases like the Panama Papers before hackers hit at home.
“Any organization is only as strong as its weakest user,” Pickering said during an eShore event at the National Gallery last month.
Although technology can prevent many cyberattacks, it cannot prevent well-meaning employees from following bad links or downloading infected attachments.
EShore digital marketing specialist Dan Whiteside said 91 percent of phishing attacks start with email, pointing to the need for dual security between staff and technology.
He encouraged companies to strengthen their human line of defense, as well as invest in preventive technology to avoid total reliance on employees.
PhishMe regional sales director Jeffrey Fleischer used prairie dogs as an example of how businesses can improve cybersecurity. Just as the burrowing rodents collectively communicate threats with the rest of the colony, Fleischer said employees should begin flagging scams for their work team.
Rather than deleting an obvious phishing email and moving on, Fleischer encouraged users to flag such messages for their IT team. This way the scams become part of common knowledge and can improve the organization’s overall security.
“We need to condition employees to be vigilant and report suspicious activity,” he said.
He suggested businesses develop a response plan and create an “abuse box” where employees can report suspicious activity.
J. Peter Bruzzese, author of “Conversational Geek,” described the rise in ransomware and “whaling” attacks directed at high-level staff.
As hackers evaluate potential victims, Bruzzese said, they look for gaps in protection to find an easy in.
“Bad guys put you on a short list when you don’t have security protection. If I see you are putting some effort in for security, I don’t want to deal with that,” he said.
He described cybersecurity tools as similar to Icarus’s wings, crafted by his father Daedalus to escape Crete. While the wings were functional, they were also subject to user error: flying too high or too low. When businesses ignore best practices online, they also risk the failure of their tools.
Bruzzese encouraged multiple lines of defense, starting with staff training. To protect data stored in digital clouds, he suggested a security tool like Mimecast.
As hackers become more interested in financial gain, places like the Cayman Islands will need to become more vigilant, added Benji Asquith, senior technical specialist for eShore.
“There’s a sense of flying under the radar. That is quickly pivoting and we’re starting to realize that financial centers like the Cayman Islands are becoming more of a target,” Asquith said.
“It’s completely financially motivated nowadays. When you look at 10 to 15 years ago, hacking someone was about bragging rights and you got a lot more high school kids doing it for the glory. But now it’s a professional operation. It’s a business, and the bad guys are following the money.”
Since many businesses do not publicly discuss when they’ve been hacked, he warned that targeted phishing efforts could be more widespread than they appear.
Asquith advised that many hackers will use a side door to access data. They may target a small consulting company to access a large business.
“Think about the data that’s on your systems. No one is necessarily coming after your data, but they’re coming after your clients’ data. If I want to target a law firm, I’m going to look for those peripheral, easiest ways in. Maybe I actually target the two-man accounting firm that’s going to have all of your data anyway,” he said.
He encouraged businesses to avoid complacency.
“A lot of people think they’re OK. But hope is not a strategy,” he said.