The Phishing and Fraud report stresses that the best first line of defence is a consistent education programme and creating a culture of curiosity. Tests by Webroot show that security awareness training can have a particularly ameliorative effect.
Companies that ran 11 or more training campaigns reduced employee phishing click-through rates to 13%. Six to ten sessions saw a 28% click-through rate, rising to 33% with one to five employee engagements.
In addition to awareness-raising, F5 Labs stresses the importance of organisations implementing access control protections, including multi-factor authentication and credential stuffing controls, to prevent phished credentials becoming a breach. Other report recommendations include the following defensive tactics:
· Email labeling. Clearly label all mail from external sources to prevent spoofing. A simple, specially formatted message can alert users to be on guard.
· Anti-virus (AV) software. AV software is a critical tool to implement on every system a user has access to. In most cases, up-to-date AV software will stop the malware installation attempt. Set your AV policy to update daily at a minimum.
· Web Filtering. A web filtering solution helps block access to phishing sites. Not only will this prevent a breach (providing the phishingsite is known by your web filter provider), but it presents a valuable teaching opportunity by displaying an error message to the user
· Traffic decryption and inspection. F5 Labs analysed malware domains from Webroot that were active in September and October 2018. 68% of them were phoning-home over port 443, which is the standard TCP port used for websites encrypting communications over SSL/TLS. If organisations do not decrypt traffic before inspection, the malware installed through phishing attacks will go undetected inside the network.
· Single-Sign On (SSO). The fewer credentials users manage, the less likely they are to share them across multiple applications, create weak passwords, and store them insecurely.
· Report phishing. Provide a means for employees to easily report suspected phishing. Some mail clients now have a built-in phish alert button to notify IT of suspicious activity. If your email client doesn’t have this feature, instruct all users to call the helpdesk or security team.
· Change email addresses. Consider changing the email addresses of commonly targeted employees if they are receiving an unusually high number of phishing attacks on a continual basis.
· Use CAPTCHAs. Use challenge-response technologies like CAPTCHA to distinguish humans from bots. However, users can find them annoying so use in cases where it’s highly likely a script is coming from a bot.
· Access control reviews. Review access rights of employees regularly, especially those with access to critical systems. These employees should also be prioritised for phishing training.
· Look out for newly-registered domain names. Phishing sites are often newly registered domains. When F5 reviewed the list of active malware and phishing domains collected by Webroot in September, only 62% were still active a week later.
· Implement web fraud detection. Implement a web fraud solution that detects clients infected with malware. This stops cybercriminals logging into your systems and allowing fraudulent transactions to occur.
“Phishing is a big problem and we expect attacks to continue because they are so effective, especially during the winter period” added Warburton.
“As organisations get better at web application security, it will be easier for fraudsters to phish people than to find web exploits. Ultimately, there is no one-stop-shop security control for phishing and fraud. A comprehensive control framework that includes people, process, and technology is a critical requirement to reduce the risk of an attack becoming a major incident.”
Notre Dame, Scoop Makhathini, GoT, top week in search
From fire disaster to social media disaster, the top Google searches this week covered a wide gamut of themes.
Paris and the whole world looked on in shock as the 856-year-old medieval Catholic cathedral crumbled into ash. The tragic infernal destruction of this tourist attraction of historical and religious significance led South Africans to generate more than 200 000 search queries for “Notre Dame Cathedral” on Monday. Authorities are investigating the cause of the fire that razed the architectural icon.
In other top trending searches on Google this week, radio presenter Siyabonga Ngwekazi, AKA Scoop Makhathini, went viral when it appeared he had taken to Twitter to expose his girlfriend, Akhona Carpede, for cheating on him. Scoop has since come out to say that he was not responsible for the bitter rant and that his account was hacked. “Scoop Makhathini” generated more than 20 000 search queries on Wednesday.
Fans generated more than 20 000 search queries for “Sam Smith” on Tuesday ahead of the the British superstar’s Cape Town performance at the Grand West Casino. Smith ended up cutting his performance short that night due to vocal strain.
Local Game of Thrones superfans were beside themselves on Sunday, searching the internet high and low for the first episode of the American fantasy drama’s eighth season. “Game of Thrones, season 8, episode 1” generated more than 100 000 queries on Google Search on the weekend.
As the festivities kicked off in California with headliners such as Childish Gambino and Ariana Grande, South Africans generated more than 2 000 search queries for “Coachella” on Saturday.
South Africans generated more than 5 000 search queries for “Wendy Williams” on Friday as it emerged that the American talk show host had filed for divorce from her husband Kevin Hunter after 21 years of marriage. Hunter has long been rumored to have been cheating on Williams, which reportedly finally led to the divorce.
Search trends information is gleaned from data collated by Google based on what South Africans have been searching for and asking Google. Google processes more than 40 000 search queries every second. This translates to more than a billion searches per day and 1.2 trillion searches per year worldwide. Live Google search trends data is available at https://www.google.co.za/trends/hottrends#pn=p40
5G smartphones to hit 5M sales in 2019
According to the latest research from Strategy Analytics, global smartphone shipments will reach a modest 5 million units in 2019. Early 5G smartphone models will be expensive and available in limited volumes. Samsung, LG and Huawei will be the early 5G smartphone leaders this year, followed by Apple next year.
Ken Hyers, Director at Strategy Analytics, said, “We forecast global 5G smartphone shipments will reach a modest 5 million units in 2019. Less than 1 percent of all smartphones shipped worldwide will be 5G-enabled this year. Global 5G smartphone shipments are tiny for now, due to expensive device pricing, component bottlenecks, and restricted availability of active 5G networks.”
Ville Petteri-Ukonaho, senior analyst at Strategy Analytics, added, “Samsung will be the early 5G smartphone leader in the first half of 2019, due to initial launches across South Korea and the United States. We predict LG, Huawei, Xiaomi, Motorola and others will follow later in the year, followed by Apple iPhone with its first 5G model during the second half of 2020. The iPhone looks set to be at least a year behind Samsung in the 5G smartphone race and Apple must be careful not to fall too far behind.”
Neil Mawston, executive director at Strategy Analytics, added, “The short-term outlook for 5G smartphones is weak, but the long-term opportunity remains huge. We forecast 1 billion 5G smartphones to ship worldwide per year by 2025. The introduction of 5G networks, by carriers like Verizon or China Mobile, opens up high-speed, ultra-low-latency services such as 8K video, streaming games, and augmented reality for business. The next big question for the mobile industry is how much extra consumers are really willing to pay, if anything, for those emerging 5G smartphones and services.”
Strategy Analytics provides a snapshot analyses for the outlook for 5G smartphone market in this Insight report: 5G Smartphones : From Zero to a Billion
Strategy Analytics provides a deep-dive into the air-interface technologies that will power phones through 2024 across 88 countries here: Global Handset Sales Forecast by 88 Countries and 19 Technologies : 2003 to 2024