The True Cost of Phishing Attacks

It is quite deceiving that something so vicious can be named after a treasured pastime. We love fishing, but this is not your grandfather’s weekend adventure. Phishing is a serious crime and one from which many are unable to recover. Phishing is not going away anytime soon. In fact, it is at an all-time high. We at Alliance Technology Partners want to warn you about the true cost of phishing attacks.

 

Phishing Statistics

According to the APWG Phishing Activity Trends Report, in the 1st quarter of 2014, the number of phishing sites jumped by 10.7 percent compared to the final quarter in 2013. In 2013, the number of brands targeted by criminals was 525 in the 4th quarter, and by the 1st quarter in 2014, that number reached 557. The first quarter of 2014 experienced the second highest number ever recorded in the first quarter since APWG began tracking and publishing the Phishing Activity and Trends Report.

 

Who are the Primary Targets?

Cybercriminals are not picky. They target any and all businesses and the customers who visit their sites, check their emails, and more. According to the same APWG report, at least 32.7 percent of personal computers were infected with some sort of spyware, malware or adware.

In the United States, we are the number one targets for criminals, as the US is the country with the highest number of phishing sites (APWG June 2014). Trojans are the number-one strain of phishing weapons. Trojans make up more 70% of new malware strains and malware infections.

What is it criminals are after and what industries and consumers are affected? The agency reports payment services sites make up 47% of email subjects; 20% are financial service industries, and 20% include retail and service industries. The two common types of attacks are “spear phishing” and “whaling.”

Crimeware is a common malware code that infiltrates financial institutions to steal customer data and financial information. Generic and Data Trojans can be deployed to any company’s network—including yours—to collect all data that goes in and out of the company. If your company is not in the position to protect, detect, and prevent such attacks, the consequences can and will cripple your business and its brand.

 

What is the True Cost?

Wall Street and Tech reports more than 70% of companies report that the lack of security awareness is the number one threat against the company. Let’s be clear: there are more than financial costs on the line; your very operations are in jeopardy. Once a criminal gets into the system or accesses data, the costs soar. An organization can spend as much as $3.7 million per year addressing phishing attacks. Does your company have that kind of dough? Companies that experience data breaches can also lose money in the bank, they may have to pay legal fees and settlements, they may have to replace software and systems, and companies—if they survive—will have to repair their reputations as well. Revenue is lost, trust is lost, customers flee, and word-of-mouth prevents new clients from seeking your services.

 

Don’t’ become a phishing horror story. Talk to the professionals at Alliance Technology Partners about prevention, protection and strategies to combat phishing attacks.

Gartner recognizes Acunetix as a Challenger for Application Security Testing in 2015

Gartner recognizes Acunetix as a Challenger

Acunetix Receives 2nd highest product score for Manual Web Penetration Testing in Gartner’s 2015 Critical Capabilities for Application Security Testing Report

Gartner, Inc., the leading provider of research and analysis on the global information technology industry, has recognized Acunetix as a challenger, assigning Acunetix Web Vulnerability Scanner a score of 4.36 out of 5.0 in the Manual Web Penetration Testing Use Case, in Gartner’s most recent Critical Capabilities for Application Security Testing Report.

Read More

 

Using the Acunetix Login Sequence Recorder in 3 Easy Steps (With Video)

Keeping your website secure just got easier with Acunetix 10. With so many new features and extra capabilities designed to prevent hackers, it can be difficult to know where to start with it. One of the newest features include the improved Acunetix Login Sequence Recorder. What makes this feature so useful is it can test password-protected areas of your website automatically. It really is simple to use too. All you have to do is launch a scan from the Scan Wizard and create a new Login Sequence from there. Here’s how it all works in three steps.

Start the Login Sequence Recorder

Now that you have the Acunetix Login Sequence Recorder going navigate to the login page on your website and log-in to the restricted area. You’ll probably notice all actions are being recorded at this point, but that’s okay – it’s exactly what you want. The scanner will replay any actions you take while it is recording, and once the login actions are complete click ‘Next’.

Define Restrictions

The Acunetix Login Sequence Recorder can pretty much do whatever it is you want it to do, through the recording of your actions. However, you’ll still want to restrict the scanner from performing specific actions you don’t want it to take. This includes things like clicking ‘Logout’, ‘Delete User, ‘Send Email’, and any other option that should not be interacted with during the scan. Once restrictions are set up, click ‘Next’.

Use the ‘Session Pattern’

The final step involves letting the scanner know when it is logged in and logged out. Typically, the Acunetix Login Sequence Recorder can automatically detect a valid Session Pattern using the requests from the login actions. When the scanner does not automatically detect a valid Session Pattern you must manually browse the restricted area until a pattern is detected. Once the scanner has automatically detected the Session Pattern or you’ve done it manually, click ‘Finish’ and save the Login Sequence File.

SecureWorld St. Louis 2015

IMG_0332

We had a great time speaking with everyone who stopped by our booth at SecureWorld on Sept. 22nd & 23rd.

Alliance and Acunetix were highly visible at the show due to our unique value proposition. Acunetix offers the best web application vulnerability scanner on the market and Alliance trains Acunetix users how to apply industry best practices and take full advantage of the solution.

If you were unable to come see us, it’s okay! We’re still available to answer your questions and resolve security issues dragging down efficiency, security, and revenue.