There was mass digital panic across the office when the email hit our inboxes. The entire department grew quiet, except for a flurry of mouse clicks as hundreds of employees tried to open the same email.
“There’s been an issue with your package delivery!” said the email at the top of my inbox. The sender had given his name as “Aamzon Orders” but his account appeared to be a Gmail address. The sender said I had an Amazon.com delivery waiting for me, but I’d need to click a “Download” button and enter some information to get it all sorted out.
We didn’t know it yet, but every employee at the company had gotten the same email. It had been a test, sent by our cybersecurity team, to see how many people could identify a phishing attack.
The answer? Out of hundreds of employees, only a small percentage reported the email as spam. Hundreds of employees clicked the download button, many of them multiple times. A few even forwarded the email to the tech help-desk, demanding help downloading the file.
This was years ago, at a different company (NOT hatch I.T.). If the email had been real, malware would have infected hundreds of computers across the company. Since the company handled confidential information, a real attack of that size could have forced us into bankruptcy.
There is a New Threat in Town
Over the coming months, many companies will face attacks like that, but this time, the attacks won’t be tests. Even smart, informed people can fall victim to phishing attacks and malware. You can’t vet every email or stop every potential attack yourself.
There has been a surge of malicious phishing attacks designed to exploit fears over the coronavirus. Scammers offer fake vaccines. Others send fake alerts alleging to be from the IRS, CDC, WHO, or Department of Health. Then there are fake “financial relief” forms – anything to get unsuspecting consumers to click. (For a list of some of the most common scams, check the FTC website).
Several DC cyber tech companies have stepped up to the plate. They offer innovative, low-cost solutions that can protect your company. You don’t need them all, but you probably need at least one of them. If you haven’t invested in cybersecurity, your business is at risk.
The platform that’s right for you will depend a lot on what your business does.
- INKY can protect your email. If your business involves sending and receiving a lot of emails from unknown addresses.
- Enveil can protect your real-time interactions with 3rd party data. If you need to securely and privately work with enterprise-level platforms.
- Prevailion protects your internal data. If you store a lot of information about clients and customers.
INKY
Don’t let their adorable squid logo fool you. INKY describes themselves as “the emerging hero in the war against phishing and the smartest investment you can make in the security of your organization.” Winner of the NYCx Cybersecurity Moonshot Challenge, they designed their platform to inform, educate, and protect.
According to INKY, email threats are increasingly sophisticated. One such threat is “text direction deception,” in which “an attacker forces an HTML rendering engine to correctly display text that has been deliberately entered backward in the code — for example, getting a text that exists in HTML code as ‘563 eciffO’ to render forward correctly as ‘Office 365.’”
You’re not likely to notice text direction deception in an email, but INKY will. Their platform learns in real-time so it can catch, or stop, any threat that comes towards your inbox. Their banner can warn users about suspicious content before they make a mistake.
Enveil
What if you have a lot more to worry about than email? Maybe you have data that shifts back and forth between enterprise-level clients and cloud servers, for example. You’ll need to protect more than your email inbox. You’ll also need to be cognizant of data security compliance.
That’s where Enveil comes in. Their ZeroReveal platform enables businesses to access data privately. For example, they help you search third-party databases without revealing the contents of the search itself.
Designed within the intelligence community and built in the private sector, Enveil uses homomorphic encryption to protect any type of data at any size.
Prevailion
Less than a month ago, hackers with links to Iran targeted WHO staff emails. Prevailion was one of the cyber intelligence platforms that found data showing high-level hackers were targeting the World Health Organization and other international organizations combatting the Coronavirus pandemic.
That’s one of the key components of Prevailion – they don’t just protect, they predict. When hackers attacked Mariott earlier this year, they accessed information related to 5.2 million customers. Prevailion’s platform showed evidence an attack was coming in 2019 when their Apex platform picked up on an “elevated level of compromise.”
Protect Your Organization
Whether you run a small business or a large company, if you don’t take steps to protect your technology and data, you’re putting your business in danger. Someone, someday, will click the wrong link. Cybersecurity threats have gotten increasingly sophisticated. They’re no longer just poorly worded scams. Instead, business owners face domain spoofing, whaling attacks, brand forgery, spearfishing, and more.
Companies that don’t invest in cybersecurity will almost certainly fall victim to scams and attacks like these. No matter how informed business leaders are, they cannot keep track of every employee’s actions online.
