Thought Leadership

Information Security: Cyber Threats – Spear Phishing

Did you know?[1]

  • 85,000 net new malicious IPs are launched every day.
  • <55% of all URLs are trustworthy.
  • 30% of internet users access phishing sites.
  • 15% of new files are malicious executables.
  • Only 28% of mobile apps are trustworthy or benign.

__________

“Spear phishing is an email that appears to be from an individual or business that you know. But it isn’t. It’s from the same criminal hackers who want your credit card and bank account numbers, passwords, and the financial information on your PC.”

__________

Introduction

Recently it was reported by Computer Weekly[2] that a forensic investigation revealed a data breach at Excellus BlueCross BlueShield.  According to the article, the investigation revealed that the initial breach took place in December 2013 and wasn’t discovered until September 2015.

Many believe that the source of the breach can be traced to a ‘spear phishing’ email sent to the right person at the right time.

A security failure like this could happen to any of us.  Small and midsize businesses are especially vulnerable primarily because of their reluctance to dedicate the resources necessary to secure their networks.   Retailers, financial institutions, and healthcare providers will also continue to be high-profile targets because of the nature of the data they collect.

If you’re responsible for protecting your firm from cyber threats, you can assume that your systems may have already been breached.  Here are some questions to think about.

  • What should you be doing to secure your perimeter?
    • Do you use two-factor authentication?
    • Do you use default deny policies for perimeter devices?
    • Are all devices kept up to date and patched?
    • Do you filter all web traffic for malware?
    • Do you limit access to bad or infected websites?
    • Do you filter your email for spam, viruses, and malicious attachments or web links?
    • Would you know if someone got past your defenses and what they accessed?
  • Once logged in, how are you protecting your most critical information?
    • Do you have access restrictions on data based on job role and need?
    • Is it possible for a non-employee to access your workstation if you leave your desk?
    • Do you have passwords written on anything around your desk?
    • Are your passwords complex and sufficiently long?
    • Do you limit who has administrative rights to data and applications and even the local workstation?
  • How can you tell if you’ve been breached?
    • Will you know about the breach before you hear or read about it in the news?
    • How would you be able to tell what/where the breach exposure was?
    • Would you know what was taken, or would you have to wait for the hackers to tell you what they took?
    • Do you know who is logged into your network at any specific time?
  • If you’ve been breached, what is your response plan?
    • How do you stop an attack in progress, or close the door that’s been opened?
    • How do you handle the press?
    • How do you determine what was taken?
    • How do you figure out what happened and how to prevent it in the future? (root cause analysis)
  • What is the cost of a breach to your company’s business? Reputation? Bottom line?

Conclusion

If you have difficulty answering any of these questions, or if you’re not sure about the efficacy of your security measures, please give Mainstream a call at 501.801.6700 or send us an email at info@mainstream-tech.com.

[1] Webroot 2015 Threat Brief

[2] http://www.computerweekly.com/news/4500253229/US-health-insurer-Excellus-BlueCross-BlueShield-hit-by-data-breach
