Government contractors are prime targets for phishing attacks

January 21, 2020

Homeland Security Secretary Kirstjen Nielsen stated in a recent speech that cyber weapons and sophisticated hacking now pose a greater threat to the United States than a physical attack. While the Department of Homeland Security faces an enormous number of cyber threats on a daily basis, it isn’t the only target. Nation states and hacking groups are constantly attacking other government agencies, as well as government contractors, looking for a way to access the information they seek. This should be a top concern for any organization doing business with the U.S. government.

Huge vulnerability for the US government

These attackers are looking for the easiest way in, so they target not only the agencies but also government contractors. Their preferred method? Targeting the employees because of the high success rate – 91% of cyber attacks start with a spear phishing email and 60% of them will fall for the attack.

According to a BitSight report, many contractors don’t follow best practices for email security, as nearly 50% received a grade below a C. This poses a huge vulnerability to the U.S. government.

We previously wrote about the hacking group Fancy Bear, who targeted defense contractors by sending them phishing attacks. Nearly 40% of the recipients clicked on the links and confidential data was lost. Earlier this year, Chinese hackers compromised computers of a Navy contractor and were able to steal massive amounts of sensitive information related to undersea warfare.

How can government contractors stop phishing attacks?

In today’s day and age, where employees are constantly on the move, it’s difficult to keep the organization’s information secure. While the network and computers in the office may be well protected, the necessary use of email weakens your organization’s cyber posture. With email being the preferred attack vector, relying on traditional security solutions to catch these highly sophisticated attacks is a risky approach.

Graphus® is the industry’s first automated phishing defense platform. It is powered by patented AI technology, the TrustGraph®, that adapts to each and every organization’s unique attack surface. Graphus® provides automated protection and real-time alerts so you are notified instantly of any suspicious or malicious messages. On top of this, it includes EmployeeShield™, an active warning banner that specifically addresses the vulnerabilities listed above. Employees are your weakest link, and relying on them not to click or respond to messages they shouldn’t isn’t wise. EmployeeShield™ provides employees with a notification of a suspicious message, a reason why the notification was included in the email, and actions that can be taken directly within the banner itself to instantaneously mitigate the threat and provide automatic feedback to the IT/Security team.