2022年10月19日

美國東部時間2022年10月19日上午09:02加利福尼亞州山景城——(商業連線)——聯邦調查局正在試圖聯係你。你的微軟設備有病毒(但你有一台MacBook)。你因逃稅而被通緝(雖然你早在4月15日之前就申請了)。自從互聯網出現以來，不良行為者采取了創造性的方式來掠奪消費者。雲安全領域的領導者Menlo Security今天發布的研究報告顯示，消費者收到了以下信息:收到了來自CEO的信息，提供了禮品卡支付(22%)尼日利亞王子提供了一大筆錢(37%)免費遊輪(49%)並非所有的網絡威脅都這麼明顯——收到了來自PayPal或Zelle的電子郵件，說你收到了一筆付款?最好檢查一下這個電子郵件地址，確保它是合法的。真的是凱倫阿姨給你發了她亞馬遜願望清單的鏈接嗎?她從來不發短信。即使威脅行為者變得越來越複雜，並發起旨在操縱個人的個性化攻擊，大多數消費者仍然相信他們可以識別並報告可疑的惡意網絡活動(77%)。盡管如此，56%的人仍然擔心他們可能會被威脅嚇倒(30%的人報告說他們曾被威脅過)——當涉及到對父母、孩子或愛人類似命運的擔憂時，這一數字躍升至72%。 Most alarming, most consumers still fail to implement basic best practices when it comes to protecting their devices, despite nearly a third (31%) reporting receiving spam emails multiple times per day. Only 21% use email security software Only 33% consistently use two-factor authentication (2FA) Only 28% don’t use repeated passwords Only 20% use a password manager Generational divides Perhaps the most obvious and easiest way to protect yourself from online security threats: don’t click links you don’t trust. Gen Z, the generation that has never know life without internet, email and texting (and the least likely to have received any offers from the Nigerian Princes of the world), are the least likely to not click on suspicious links (59%) compared with Baby Boomers (88%), Gen X (82%) and Millennials (73%). The younger generations – Gen Z (38%) and Millennials (35%) – are more likely to implement practices like consistent 2 Factor Authentication (2FA) use when compared to Baby Boomers (31%) and Gen X (33%). What is consistent across generations: most are not implementing basic cyber safety practices. It’s not just personal information we should worry about It’s not just consumer’s personal bank info or PayPal account that’s at stake. 56% of people report doing personal business on a work device (raise your hand if you enabled iMessaging on your work laptop or sent that report to your personal email to work on later) or logging into work systems from a personal phone (who doesn’t have their work email on their personal phone these days? ), putting their employer’s data at risk as well. “For cybersecurity leaders, it’s harder now than ever to secure company data,” said Mark Guntrip, senior director of cybersecurity strategy at Menlo Security. “This goes beyond the challenges of ensuring employees have access to the data they need regardless of their physical location, it’s about educating people on the steps they need to take to not only guard against threats, but learn to identify increasingly sophisticated, personalized threats – look no further than Uber’s recent data breach – design to appeal to individuals.” Looking into 2023, threats and attacks, including Highly Evasive Adaptive Threats (HEAT) – which are used as beachheads for initiating ransomware, extortionware and other endpoint breaches – are only going to continue rising. While just over half of consumers had heard of phishing (68%), password attacks (55%), trojan horses (51%), or malware/ransomware (66%), most had not heard of other attacks such as smishing (11%). It’s perhaps not realistic to expect the everyday consumers to keep up with the latest threat vectors; but in our “work from anywhere” world with increased usage of SaaS apps that are accessible via any browser, anywhere, these highly evasive adaptive threats (HEAT) are only going to continue rising. This means the burden often falls on corporations to defend against the weakest link in the security chain: people. How to protect your data According to Guntrip, there are basic steps everyone should take to ensure their data – personal and company – are protected: Enable 2FA Use strong passwords (random combinations of letters and numbers are best) and store them securely in a password manager Don’t use repeated passwords Report suspicious communications