In the July 19, 2012 edition of The Wall Street Journal, President Obama wrote about cybersecurity. The President wrote:
… foreign governments, criminal syndicates and lone individuals are probing our financial, energy and public safety systems every day. Last year, a water plant in Texas disconnected its control system from the Internet after a hacker posted pictures of the facility’s internal controls. More recently, hackers penetrated the networks of companies that operate our natural-gas pipelines. Computer systems in critical sectors of our economy—including the nuclear and chemical industries—are being increasingly targeted.
Nuclear power plants must have fences and defenses to thwart a terrorist attack. Water treatment plants must test their water regularly for contaminants. Airplanes must have secure cockpit doors. We all understand the need for these kinds of physical security measures. It would be the height of irresponsibility to leave a digital backdoor wide open to our cyber adversaries.
What is the most common digital backdoor that is wide open to our cyber adversaries? As the Administration recently demonstrated for the U.S. Senate, that backdoor is spearphishing. Spearphishing is a cyberattack in which the adversary sends a highly targeted email to the intended victim in order to deceive the victim into an action (e.g., visit a website, click a link, open an attachment) that compromises the security of the systems. Note that in spearphishing, the point of attack is not the security technology, but the people. Why are the people targeted instead of the systems? Because targeting people is the easiest and most effective way to enter a secure network. How effective is spearphishing? Spearphishing has been demonstrated to have an effectiveness rate of up to 75%.
How can a spearphishing attack be prevented? What is needed is a method to deprive the attacker of his ability to deceive. Spearphishers deceive by masquerading as trusted senders. At Iconix we identify trusted senders. Our identification system makes it easy for users to distinguish trusted senders from attackers masquerading as trusted senders. SP Guard from Iconix provides the ability to distinguish real email from spearphishing attacks. Click here to learn more. You can contact us at 408-727-6342, ext 3 or use our online form.