Welcome to the KuppingerCole Analyst Chat. I'm your host. My name is Matthias Reinwarth. I'm an analyst and advisor at KuppingerCole Analysts. In each edition of this podcast, we have one guest joining me, often a fellow analyst or another interesting partner. And today it is my colleague and founder and principal analyst of KuppingerCole, Martin Kuppinger. Hi Martin.
Hi Matthias. And welcome to all the attendees.
So great to have you again here.
Again, we are talking about a really current topic and something that is really happening just out there. We have to talk about it again. We did this actually in one of the earliest editions of this podcast. We have to talk about cybersecurity. We have to talk about phishing, and just right now, with the Corona crisis being in full swing, Corona-related and COVID-19-related phishing schemes are really exploding. What is your first reaction when you think of that?
No surprise.
I would say my first reaction is always: once a certain topic becomes popular, the cybercriminals jump on it, because they have a very, very simple approach: I need to send out something, or I need to use something for phishing, which attracts people. And apparently the current crisis or hot topic of the day usually are the topics they use. That it is, these days, Corona is nothing new. It has to work as well because people are spending more time looking at these topics than ever before and searching for Corona-related information.
They are searching for some sort of gear, such as masks and a lot of stuff. And so the potential is huge for cybercrime.
Exactly.
And I've just looked at a recent article on Medium, which says the phishing schemes around this topic really have jumped up at an immense pace. So they talk about more than 660% since February. So this is really something that obviously has a lot of attention. And it's really, as you said, cybercriminals are jumping on that bandwagon.
And maybe we can have a short look at the different types of threats that are out there, because of course everybody thinks of mails that are spread and try to make you click on links with current information like coronavirus maps. But there's more to come, but I think we should start with these mails.
Yes. I think mails apparently are.
So this is the one I'd like to add, as I must think that the opportunity never has been better to sort of skip the mail, because frequently with the mail you have an attachment or you have a malicious link in the mail. Right now you have a huge opportunity to have people directly visiting the malicious website, which is, I would say, the big difference. And I would say, if you look at a certain aspect, so just more social phishing, phone and other types of messages,
I would say this is apparently not as much needed, because the attackers can go for the simple schemes: sending out mails having links, and tweets having links, and other types of social media communication, or just trying to push a website with malicious links high enough. You're done.
Exactly. I think this, this metal topic it's training, it's making people understand. There are always the same identifying signals that really make one suspicious. If this is really an actual mail or this is a fake mail, but nevertheless, you have, you have to do it.
You have to make sure and just ignore everything that is sent into your inbox about coronavirus. I think that is not a bad recommendation.
Yeah. I think that is a very important one, but I would go even a step further. To be realistic, the level of sophistication in attacks these days is lower than it commonly is and has been. So with all the people looking at Corona news, you don't need sophisticated attacks these days, because at the end the model is very simple.
Try to find as many people as you can who are clicking a malicious link, opening a malicious document, et cetera, to have the entry points for subsequent attacks. It is far easier these days. So you don't need sophisticated attacks. The good news on that, in some ways: if you use the same measures, the same actions as you commonly do in your sort of everyday self-protection against phishing attacks, you should be already pretty much on the safe side of that. That's what my team has brought up.
So the one thing is, and this is a standard rule. Be suspicious.
If you receive a mail from someone you don't expect to receive a mail from, be suspicious regarding clicking links from sources you don't know. Never open the document which is attached to a mail if you don't have really good proof that this is secure to do. But all these are standard recommendations I bring up in every security awareness training I do myself. And by the way, if you look at our website, and then for instance our blog, you'll find a five-minute security awareness training where everything is in. It's really easy to do at the end of the day.
Just, so to speak, activate the good human sense of the people of your team, give them some hints of what to look at. And one of these things Matthias has already provided. I added some more.
One thing to think of as well is to think of applications that you download to your mobile phone, or even to your PC. There are lots of apps around that aim at providing good information about the Corona virus and that are aiming at helping in this crisis.
And as they are available, there are lots more which actually just pretend to be doing so, and abuse your resources, your data on your mobile phone, and use this information and your credibility in a manner that is really not what you want.
So maybe just an additional recommendation here: only use and download applications from known sources, from checked sources where somebody is really safeguarding the app store that you're using, and really make sure that the application that you are using is really the actual one and not the counterfeit one, so that you can be sure that your mobile phone is being compromised, which might then again be used for sending out phishing emails. Yeah,
And I think, again, this is a, I would say a standard recommendation don't install apps. You're not sure about the data, right. Apps.
And that's probably apparently even more the case when it comes to Corona. So we have this discussion about Corona tracking apps and which are privacy sensitive enough or not, which to use endow very few trusted sources for such apps. And if it's about news, honestly, for me, but I might be different from others here, for me, my regular sources of news, so the two or three or four news websites or news apps I'm following consistently, are sufficient. So I found for myself a good mix of different perspectives on things. I look at these and that's it.
And at some point I also feel that I have enough, for instance, Corona news. So again, most probably more than enough, more than enough.
Yes. And so probably the best advice: select a few trustworthy sources, rely on these, and don't go for every other type of information you could get. So limit it, and maybe best go for the standard, the well-known publications, for instance, which provide so much information, plus maybe the Johns Hopkins University or, in Germany, the Robert Koch Institute, a few other public sources which became prominent these days.
But if you hear this name every day, 10 or 15 or 20 times, and then use their official website, then you should be also on the pretty safe side.
Exactly.
So to sum it up, it is nothing new. It is just another trigger that is used when it comes to making people click links or download software or, yeah, visit websites. It's just a different trigger. Stay vigilant, stay just critical when it comes to every mail that you receive, recheck them, don't download unknown software. And of course you need to have a good endpoint protection. So some anti-malware, some antivirus, of course, being installed on each device that you're using. If you use these recommendations, which are not new at all, I think you should be safe.
And just, as you said, Martin, it's really just use your good common sense. And that might help in that situation as well.
Yeah. And do a simple five-minute security awareness training for everyone. You might have it targeted a little bit more at Corona, show some samples. There are some well-known samples available on the internet to illustrate it. The good thing is, and that's what I always say:
You know, everyone in his personal life is as well at risk. So it's not only the business. It's also the personal side. So people understand that; they are interested in learning about it, to protect themselves. Just do it, and just with a little education and a good human sense of the people.
That's a great summary again. And I think that's it for today. Thanks, Martin, for joining me with regards to this topic, which is really on everybody's mind right now. And I'm looking forward to having you in one further edition very soon.
Thank you, Martin. Thank you.