Cybersecurity terminology can be confusing and complex. At Trava, our goal is to demystify this world and provide you with the tools you need to keep your organization and your data secure. We break down some of the most important terms in cybersecurity, such as phishing, endpoint protection, threats, vulnerabilities, and risk.
What Are “Phishing” Attacks?
A new email just popped into the inbox of one of your new hires. It looks like a request from you, the boss, for them to click on a link and log into the company network. The new employee, ever eager to please, quickly does so, entering their username and password in the process. Done. Your company was just the unknowing victim of a phishing attack.
It’s that simple. You never sent that email. Rather, a hacker posing as you was able to direct your new hire to a custom website meticulously designed to look like yours. Here, the new hire unknowingly entered their full username and password directly into a hacker’s database. Now, the criminals responsible can use that information to breach your organization or sell it on the dark web to the highest bidder.
Phishing is one of the most widespread and insidious cyber attacks today. Nearly 50% of all phishing attacks successfully compromise accounts. Phishing attacks made up about 20% of all data breaches in the past year, costing, on average, over $4 million per breach. One of the reasons for this is that phishing is cheap and easy to set up. All an attacker needs is an email server and a basic website with a form. They can then send out thousands of these emails at once, casting their bait and hook into the sea of online users, hoping for a few bites.
The other reason phishing is so common is that it strikes at the weakest link in most organizations’ security postures: people. Phishing falls under a category of cyber attacks known as “social engineering,” a fancy way to say that these criminals focus on hacking people instead of machines. This is often the easier approach, and criminals are always lazy. Many organizations have installed firewalls, and anti-malware software has become ubiquitous in modern IT infrastructures. However, to this day, most employees still lack the basic training necessary to know a phishing scam when they see one.
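An added example (not from the original article or from Trava) of checks an email filter could run against the scenario above: it flags an executive's display name on an address outside the organization, and any sender or link host that imitates the organization's domain. `ORG_DOMAIN`, `EXECUTIVES`, the function names and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

ORG_DOMAIN = "example.com"    # assumption: your organization's mail and web domain
EXECUTIVES = {"dana smith"}   # assumption: display names an impersonator would borrow

# Constructed sample message, not real traffic.
SAMPLE = """\
From: "Dana Smith" <dana.smith@examp1e-login.net>
Subject: Please log in today

Hi, sign in here to confirm your account: https://examp1e-login.net/portal
"""

def edit_distance(a, b):
    # Levenshtein distance, used to spot near-miss spellings of the org name.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_internal(domain):
    return domain == ORG_DOMAIN or domain.endswith("." + ORG_DOMAIN)

def is_lookalike(host):
    # Foreign host with a token within two edits of the org's name label.
    label = ORG_DOMAIN.split(".")[0]
    return bool(host) and not is_internal(host) and any(
        edit_distance(tok, label) <= 2 for tok in re.split(r"[.-]", host))

def phishing_signals(raw):
    msg = message_from_string(raw)  # handles single-part plain-text messages
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    signals = []
    if name.lower() in EXECUTIVES and not is_internal(domain):
        signals.append("executive display name on external address")
    if is_lookalike(domain):
        signals.append("lookalike sender domain")
    for url in re.findall(r"https?://[^\s\"'<>]+", msg.get_payload()):
        host = (urlparse(url).hostname or "").lower()
        if is_lookalike(host):
            signals.append("lookalike link host: " + host)
    return signals
```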
Don’t Take The Bait, Use Trava
As part of our comprehensive security platform, Trava provides a Phishing Simulator. Our Phishing Simulator enables you to send your own test emails to your employees to see how well you have trained them to recognize phishing. If you don’t tell your employees beforehand, they won’t know what is coming, and you will get a more realistic result. Some of your people won’t click on those links, while others may. You can then identify which departments or individuals need additional training and close up those vulnerabilities.
What Is Endpoint Protection?
Another term you may often hear in this space is endpoint protection. In cybersecurity, we refer to each user device as an endpoint device. This would include laptops, smartphones, desktops, and any other devices used by your employees to do work for your organization. Endpoint devices can be targeted using a number of different attacks, including ransomware and other forms of malicious software. It is important to ensure that all software on endpoint devices is up-to-date and patched. A single vulnerability on a single device can provide just the foothold an attacker needs to breach your organization.
The Differences Between Threats, Vulnerabilities, And Risks
It’s important to be able to distinguish between threats, vulnerabilities, and risks. A threat is a specific action that could harm your organization. Phishing is an example of a threat. A vulnerability is a weakness in your organization that a threat could exploit. A lack of adequate anti-phishing training for your employees is an example of a vulnerability. Another example could be failing to implement an email filtering system to automatically delete emails from suspicious sources. Finally, there are risks. Risks are the potential harm caused by a threat exploiting a vulnerability. The primary risk in our phishing example is the loss and exposure of private user information such as usernames, passwords, payment information, and more.
With the rising number of cyber attacks each year, you cannot afford to continue ignoring security. No matter the size of your organization or the industry you are operating in, you could be a target of the next attack. Let Trava help you keep your business growing securely.