Thousands of phishing scams are created and acted upon daily, even more so with the number of people working from home right now. Remote work opens up new doors for hackers and gives them an attractive new target: Production Linux, with all the sensitive data and mission-critical apps it contains. These scams are a hacker’s way of gaining your personal information through deceptive emails or websites. You can think of phishing as the same exact process as fishing: you put the bait on the hook, throw it out into the water, and wait for a fish to latch on. This is exactly what hackers are doing when they create a phishing scam: they put deceptive emails or websites together and wait for you to fall for it so they can steal your information.
Users who are responsible for securing and managing Production Linux platforms need to be more focused on phishing attacks than ever before. With so many remote workers causing overloaded VPNs, many companies are opening up new access paths to sensitive systems just to keep employees productive. Couple that with the potential for home workers to have compromised laptops, kids browsing on sites they shouldn’t, and distractions that could cause even a security-conscious individual to let their guard down, and you’ve got everything an opportunistic hacker could hope for.
Don’t fall for the bait
Phishing is a growing global threat. Nearly one third of all breaches in the past year involved phishing, according to the 2019 Verizon Data Breach Investigations Report. For cyber-espionage attacks, that number jumps to 78%.
PhishLabs reported that last year, over 84% of these phishing attacks took place within 5 industries: financial, email, cloud, payment, and SaaS services were the most frequently targeted. Why are these industries being targeted? It’s a safe bet that it’s because they hold the information most valuable to hackers and have the most to lose when their servers are infiltrated.
To put into perspective just how dangerous some of these phishing scams can be, consider one of the most notable phishing scams of our lifetime. Does the 2016 Presidential election ring a bell? Hillary Clinton had her Gmail account hacked into when her campaign chair was tricked into handing over her password, giving a hacker access to thousands of personal emails and information.
So how can you protect yourself or your organization when a hacker is able to trick someone into visiting their website or entering their information?
Implement 2FA to keep phishers away
One of the best security practices you can enable is 2-factor authentication. Does this stop all phishing attacks from succeeding? In many cases it does, and implementing an additional, low-cost layer of security is always worthwhile alongside your current solution.
A hacker may be able to get through your first barrier, but the odds of them breaking through your second one are significantly lower. A general rule of thumb is to never feel overly confident in your security solution, because if there’s a will, there’s a way. As Alex Bell, a Senior Software Engineer on our Agent Team, states, “the main idea with 2FA is to mitigate the damage someone can do even if they have your password. One of the biggest ways compromises happen is not fancy exploits but basic phishing emails.” When 2FA is enabled properly, the two factors that are being authenticated are something you know (such as a password) and something you have, or possess physically.
With Cmd, you can enable 2FA quickly and easily in your Production Linux environment. Deploying 2FA is normally a complex project, but we can make this deployment easy, scalable, and high-impact.