Spear Phishing & Social Engineering Demand Spikes In May

BII Compliance, the Cyber Security Partner that delivers specialised professional services labelled 'Physical Risk Exposure Analysis' or 'PREA', has reported a spike in demand for its deception and data retrieval aggressor services.
 
May 30, 2012 - PRLog -- LONDON 30/05/2012

Acronyms used in this press release:
BII – BII Compliance
CSP – Cyber Security Partner
PREA – Physical Risk Exposure Analysis
CCSE – Cyber & Communication Social Engineering
PAS – Spear Phishing Attack Scenario


Back in 2010, BII introduced 'Physical Risk Exposure Analysis' (PREA). The professional service cleverly combines physical and cyber intelligence-gathering techniques and outputs various attack scenarios, delivering a true-to-life threat exposure value.
PREA attracted high interest in 2011, but for some organisations it was simply too comprehensive to introduce.

Since 2011, BII has worked with its major clients to understand threats (both behavioural and historical) and associated corporate risks. With this knowledge, BII carefully dissected PREA into proactive professional services and expanded them. This created 15 separate cyber services (blades) which could be delivered quickly with exceptional results. The BII office whiteboard details the PREA blade diagram, which closely resembles the Hive floor plan from Resident Evil.

BII Compliance has reported that two PREA blade services in particular have caught the eye of many Chief Information Security Officers, Risk Managers and Operational Security Directors:

'Having worked with our clients to assess threat impact exposure for over ten years, our social engineering and spear phishing attack service blades born out of PREA have been in very high demand. Such high demand in fact that close to 45% of our professional service business in May 2012 has been for this combined delivery.'

CCSE & PAS - This chapter of service from BII Compliance presents selected PREA methodologies to stress test the threat imposed by one or more aggressors. The two phases of testing are conducted covertly to assess the potential vulnerability against a broad range of potential cyber electronic communication threats. Many of these threats are targeted and labelled 'spear phishing attacks', as opposed to the traditional automated phishing methods. There are a number of automated systems available for controlled phishing attacks, but we are told that this is almost a pointless exercise...

'Our PREA team operatives are trained in social engineering and special attack and deception techniques, the same methods that malicious actors would use against your organisation. Automated phishing software serves a purpose but only skims the surface. Attacks of this nature should be wrapped up with traditional IDS, whitelist and malware platforms. Real life vulnerabilities are discovered by combining human factors and specially designed spear phishing scenarios'.

So why is there high interest in CCSE & PAS right now, and what is the difference between automated phishing and real-world attacks?

In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. This is of use to a social engineer, as it is a way of utilising a trusted pretext to obtain information, or a tool that can be utilised to obtain the final target information.

Due to the success of phishing attacks, malicious phishers have developed spear phishing. Instead of sending out thousands of e-mails randomly, hoping a few victims will bite, spear phishers target select groups of people with something in common and usually a higher profile. The e-mails are usually sent from organisations or individuals the potential victims would normally get e-mails from, making them even more deceptive.

'Unfortunately with capital spend low due to the economic downturn we are beginning to return to the early 90's responsive delivery methods. As BII has been the CSP of many European organisations over the past 10 years we are at the forefront of many first response incidents, protected reputation and built strong relationships'.

The feedback many security professionals have freely provided supports the above statement. The general consensus is that, with the double-dip recession, there simply will not be a thrust for proactive security projects unless a business case provides a real operational cost saving and an offset of responsibility or workload.

BII Compliance is, in this regard, well positioned to provide an ethical, 'non-destructive' service to any organisation looking to understand its posture in a true, comprehensive, black-box targeted attack. Example reports and statements of work are available from BII Compliance Ltd directly.


END

BII Compliance Ltd
Barham Court,
Kent, ME18 5BZ
UNITED KINGDOM
www.bii-compliance.com
0044 1622 618752
Zip: ME19 4YU
Tags: Espionage, Cybercrime, Security, Spear Phishing, Social Engineering
Industry: Software, Technology
Location: West Malling - Kent - England
Subject: Services
Page Updated Last on: Jan 23, 2013


