The press is reporting that cyber attackers are using fake emails about the G20 conference to infiltrate financial, governmental and economic development organizations.

No doubt it is interesting to know that bad guys are using fake G20 emails to infiltrate systems. But is that information really useful?  If you tell employees who interact with G20 materials not to open suspicious G20 materials, how do they actually do that?  The bad guys construct messaging and bait that looks real — the entire purpose of social engineering is to look important, not suspicious.  That is why, even after being warned, the AP reporter opened the fake email that resulted in the fake tweet about the President being injured in a bombing.  Note an unintended and unavoidable consequence of issuing warnings about fake emails – the bad guys read these reports, too, and can adjust their attacks accordingly to more effectively evade the warning.

IT needs to do more than warn employees about spearphishing attacks.  IT needs to help employees repel that attack.

At Iconix we have embraced this observation by Dr. Frederick Chang, former NSA Director of Research:

… cybersecurity is fundamentally about an adversarial engagement. Humans must defend machines that are attacked by other humans using machines.

Users must be changed from agents of infiltrators into cyber defenders. Spearphishers deceive people into making bad email decisions that compromise security. IT needs to help employees make better email processing decisions. That is where SP Guard comes into play. Using SP Guard, IT can determine a list of trusted senders and provide this information to staff in a simple and highly effective manner.

You can contact us at  408-727-6342,ext 3 or use our online form.