Cyber criminals are after your money, your data and your intellectual property…
If you haven’t taken steps to protect yourself, take action now. Most cyber-attacks exploit basic vulnerabilities in IT systems and software. Small businesses are now targets, as they can lead to corporations or be devastated, like this small family business hit by a $40,000 email scam.
As a professional thinking partner to Chief Information Security Officers (CISOs)… I would like you to ponder this…
The Security Statement: Security teams and CISOs have indicated that the firewall and spam filters should resolve phishing emails before the end-point or “end-user” is affected.
The Security Question: Would you agree that not all phishing emails are stopped at the firewall and spam filter?
The Security Answer: Yes, we would agree that ~10% BYPASS OR ARE NOT STOPPED by the firewall and spam filters.
We have a Security Problem: the FACT is that ~10% of intrusion attempts bypass the firewall and spam filters. That is over 16 million emails (10% of the emails) that make it to the end-point, our end-users, globally DAILY. If we take a closer look at these gaps in security, A REAL PROBLEM EXISTS that cyber criminals are exploiting.
So what can we do to handle these intrusions we call Business Email Compromise (BEC), Social Engineered Emails, and Spoofing of Users that you Know and Trust?
What is available to us…
Our users are diverse, some sophisticated and others not. These end-users are now expected to triage each email to ascertain whether it is safe or unsafe – one click could spell an email disaster. What helps is a basic, simplified security training series coupled with a notification system that tells them when an email is suspected as an intrusion.
Fundamentals of Social Engineering – Understanding the fundamentals of the threats delivered and the countermeasures to social engineering, pretexting, diversion theft, phishing, baiting, quid pro quo and tailgating.
Predictive Notifications – Best practices and integration of threats to the consumer, SMBs and corporations; an in-depth understanding of notifier messages, what they mean and what to do afterwards.
Geolocation Maps for Email Vigilance – Understanding geolocation in Google Maps and Google Earth in relation to email security and the management of intrusion detection and protection within the business.
Many solutions today rely only on training, testing and more training – expensive and proven still to be ineffective. The training end-users receive is highly complex and requires them to perform forensics off a card that coaches them on what to look for – it is proven that 48% of trained personnel still had breaches. To reinforce the training, end-users receive robotic emails that attempt to validate they are doing their job. This is ineffective: it provides a scorecard rating, which opens up other HR-related issues, lowers productivity and tries to make them security experts, which they are not.
eMailGPS GeoPlatform’s goal is to reduce a cyber criminal’s operational space and the likelihood of successful intrusion attacks – by allowing organizations to compartmentalize their most serious threats, create a circle of trust and focus on business operations. This platform mitigates these attacks: GeoAware Mobile, GeoAware Desktop, GeoAware DataCenter, GeoThreat Isolation and GeoThreat Integration.
Our GeoThreat Core is a simple color-coded solution (like a traffic signal) that brings awareness to end-users to use caution as they would if they were driving a car… everyone knows that if the light is red or yellow, they are conditioned to respond appropriately. If a RED condition occurs, they can send the email to the security team to resolve or, if the firewall is integrated, have it blocked automatically at the firewall (optional). If a YELLOW condition occurs, they can send the email to the security team to have the sender added as a trusted source (after geolocation, of course), or indicate that this is not a trusted source and block future emails. A GREEN condition indicates they are operating within a trusted circle in SMB, corporations, C2C, B2C, B2B, B2G or G2G… to ensure the operating integrity of the sources and people within an organization.
Email Security Triage is Complicated
User Experience is everything…
Simplification of Security end-points is the objective!