Part of a ZDNet Special Feature: BYOD and the Consumerization of IT

Want to stop the phishers? Encryption and education is key

Targeted attacks are on the rise, which means it's no longer enough to simply batten down the hatches and hope for the best.

Enterprises need to tighten up security and better educate their staff if they are to protect themselves from waves of targeted attacks on their systems.

According to research carried out by analyst firm Quocirca on behalf of security company Trend Micro, three-quarters of the 300 businesses surveyed in the UK, France and Germany said they had suffered a targeted attack on their network.

But more than half of the CISOs, IT security directors and senior managers interviewed said they are deploying tools to prevent hackers making these attacks.

Three-quarters of respondents said targeted attacks were a concern to them, and of those one-third said that targeted attacks had already resulted in their organisation losing financial data, business data, personal data or intellectual property.

Trend Micro's VP of security research Rik Ferguson said such attacks usually start off with a 'spear phishing' email, which will address someone by name.

"It will probably appear to come from someone you know and it will probably reference real events that have happened because they've done their research on you," he told ZDNet.

The carefully thought out emails will usually contain links or attachments that can compromise PCs if they are opened, according to Ferguson.

The change in the nature of attacks means that enterprises should reconsider their security strategy, said Ferguson.

Businesses now need to work on the assumption that they will be attacked, he said. "Build a strong perimeter around every individual machine in your network instead of relying on the perimeter of the network itself," said Ferguson. He also argued that data should be encrypted and that administrators need to audit and control access to that data.

Advanced technology like automated file sandboxing, network-based threat analysis, deep packet inspection and file integrity monitoring can also be used in the enterprise to tackle targeted attacks. 

Education, education, education

However, deploying new and potentially expensive technologies isn't the only way to protect an enterprise.

Quocirca analyst Bob Tarzey told ZDNet that businesses can also keep themselves safe by providing ongoing education to their workforce.

Tarzey believes that staff need to be educated on where threats enter the enterprise. "Threats obviously come from email but it's also via social media and use of mobile devices," he said. 

Tarzey also suggested that employees should be made aware if their organisation does not want them to use personal channels for company business or social media for certain things. 

"That said, employees will act in a dumb way and on some occasions will be cleverly duped – so technology needs to be there to help them avoid that whenever possible," added Tarzey.