Reduce risk with tiered security
Mitigating cyber risk is a daily issue that’s evolving rapidly for organisations of all shapes and sizes around the world.
In 2020, *97% of users failed to recognise a sophisticated phishing email.
The harsh reality is that a breach is a matter of ‘when’, not ‘if’ – but the good news is that with a thorough and regularly tested IT security strategy, it’s much less likely to occur, and if it does, any damage would be limited.
Before we take a look at some of our recommendations and solutions to mitigate the threat, here are some of the most alarming phishing statistics of 2020…
Top 5 phishing statistics of 2020:
1: Only 3% of users report phishing emails to management.
2: A single spear-phishing attack results in a loss of £1.1 million on average.
3: 30% of phishing emails are opened by users, and 12% of these targeted users click on the malicious link or attachment.
4: Approximately 1.5 million new phishing sites are created every month.
5: 78% of users claim to be familiar with the risks of unsolicited links in emails. And yet, they still click on the links.
Cloud, Perimeter and Endpoint protection
Protection at a single level simply isn’t enough. Our tiered security model achieves the right balance of risk mitigation and productivity, protecting with multiple solutions at cloud, perimeter and endpoint levels – ensuring all necessary control measures are in place to negate attacks, including zero-day threats.
How our Tiered Security Model works:
Protection in the cloud (AV-AS-CC-DDOS)
Protection before your on-site network: cloud security protects you from threats BEFORE your perimeter. It protects you from zero-day attacks and denial-of-service attacks, and maximises bandwidth.
Protection at the perimeter (firewall - proxy CC-IPS-IDS)
Traditional firewall technology with a proxy to block unwanted content and prevent attacks against the network. Examples of such attacks include hacking, intrusion and malware.
Protection at the edge (EPP - AV-AS-MFA DLP, encryption and MDM)
Security for computers and devices is essential, as this is the biggest attack surface and the most prone to breach. This includes the usual anti-virus, anti-spam, on-demand scanning and protection against threats transmitted by removable media, but goes so much deeper. Device encryption is essential, and identity is protected through MFA and MDM. Data is a whole subject in its own right, and Data Loss Prevention measures are essential to limit breaches, comply with Data Protection legislation and mitigate reputational risk.
Our tiered model is tried and tested and protects 53,000 customers from threats every day. In addition to this approach to IT security, we recommend customers adopt several other best practices as part of their overall security strategy.
Penetration Testing & Assessments
Implementing a solution isn’t enough: the durability of your security solutions should be regularly and independently tested to check for any weaknesses and vulnerabilities across the IT environment.
User Awareness Training
78% of users claim to be familiar with the risks of unsolicited links in emails. And yet, they click on the links anyway! It’s essential to embed a strong culture of awareness with tailored security training and phishing simulations, ensuring your staff are a true first line of defence.
The Zero Trust Approach
Organisations should insist on verification to connect to systems before granting any form of user access. Requests must be authenticated, authorised, and finally encrypted before granting any access. Never trust, always verify.
Come along to our next workshop to find out more about our ‘Zero Trust’ approach and some of the tools you can implement to ensure access to sensitive data is authenticated, authorised and encrypted.
* Sources: Keepnet Labs, 2020 Phishing Statistics; Security Boulevard, Phishing Statistics of 2020