Wed. Apr 17th, 2024

From the depths of the sea to a large lake: the essence of security is lost in the fancy terms of marketing. Do you already know what “Deep Sea Phishing” means? If this is not the case, you are probably not the only person who does not know this term. This is an example of one of the many new terms that cybersecurity vendors have launched recently. As criminals search for new attack techniques on a daily basis, the security market itself is clouding over and companies are losing focus on what really matters. Anyone typing Deep Sea Phishing into Google will come across all sorts of definitions. Unfortunately, we do not immediately see an analogy with reality. Perhaps the term is related to other forms of phishing that have sprung from the pen of creative marketers. For example, “Spear Phishing” refers to targeted phishing attacks to gain access to the accounts of a particular person; or “Whale Phishing”, a practice in which a key target is targeted, such as the CEO of a company. It all sounds good, but these terms distract us from the essence. The most sophisticated attacks are just a few grains of sand in a much larger sandstorm. In fact, spear phishing and whale phishing are especially popular techniques among “advanced persistent threat” groups. These groups often receive financial support from governments with the intention of engaging in espionage, infiltration or influence. However, the vast majority of cyberattacks are still the result of classic phishing, in which a large network is deployed and criminals wait to see who comes through.

Safety is not a priority

We hear new abbreviations and terms in the security market every day, but most are not clear enough. They serve to sell a product or service as quickly as possible, causing customers to lose interest. Small and medium-sized businesses, in particular, continue to put security off too often, even though they are the ones that most often fall prey to cybercriminals’ phishing networks. For them, security is not always a priority, especially when they have other headaches such as the aftermath of the pandemic, inflation or the looming energy crisis. They also don’t have the knowledge or resources to do much about security. Only when things go wrong do they realize how important it is.

From the depths of the sea to a large lake: the essence of security is lost in the fancy terms of marketing

In the near future, we are sure that new challenges will come our way. And so it’s essential that we have cybersecurity measures in place. If we are juggling words: the greatest threat is not in the depths of the sea, but in a sea monster that hides in a large lake.

quantum computing

By now, most companies are in the habit of backing up their most important data. Since cybercriminals also know that the most valuable information has priority in that backup, it is necessary to protect this data with good encryption. However, over time, encrypting data may no longer be enough. Although criminals can’t do anything with it now, they are collecting encrypted data in a Big Data lake. If the capabilities of quantum computing are made accessible to a wider audience soon, they could unlock that data in a matter of minutes. The fear of the sea monster called quantum computing is quite real, as criminal organizations have meanwhile built quite a piggy bank. to invest in this technology. Anything you can’t use now could become a treasure trove of information years from now. Or how companies that think they are secure, but whose backups have been stolen, will soon become very vulnerable and could suddenly see their business shut down. It is impossible to predict when it will happen. But, as always, defenders must be well prepared to react quickly.

Share experiences and learn from others

Instead of getting bogged down in the use of fancy terminology, it is better to put our energy into education and communication. After all, it is much more important that organizations learn from each other how they have been attacked and how cybercriminals operate. Fortunately, conversations in that realm are quietly starting to take off. Compared to three years ago, we see more and more companies being encouraged to share their story after having suffered a cyber attack. The effects of this new commitment will definitely be seen in the long term. Like a cyberattack, cancer disease was once taboo. Until cancer patients started sharing their testimonials, which means other people are now more aware of it and more likely to go to the doctor. In many cases, this allows effective intervention before it is too late. Normally we do not learn from what goes well, but rather we remember the negative experiences. Small and medium-sized companies are also joining the trend towards greater transparency and, thanks to events like this, they are realizing that an attack of this type can also affect them and that cybersecurity must be a priority on the business agenda. .In the end, security doesn’t need much. Phishing, as the main technique, is fairly straightforward, so the solution doesn’t have to be complex either. So don’t start with a product or marketing claim, but go back to basics and see what the risks are. You have to decouple security from IT and realize that it affects the entire organization, including all the processes and people that are part of the business. In the end, the human firewall is the best defense, even if we ever have to deal with Deep Sea Phishing.Author: Edwin Weijdema, Veeam Software Global Technologist

By Alvaro Rivers

Award-winning student. Incurable social media fanatic. Music scholar. Beer maven. Writer.