If the phishing season were not already open, the Epsilon data breach certainly opened it. I recommend two recent articles that you should read and digest.
Over at Threatpost, there is an interview that highlights the vulnerability of higher education institutions. An excerpt is:
Threatpost: What trends are you seeing in the phishing arena these days?
Aaron Higbee: We’re seeing a lot of attacks aimed at verticals like government, financial services, insurance, health care and especially education. You wouldn’t have thought that education would be on that list, but we see a lot of universities targeted.
Threatpost: Why is that?
Aaron Higbee: Students are vulnerable. They’re required to put their Social Security Number into different forms, so they’re susceptible to being phished.
For the best summary of what to expect, surf over to the always informative and insightful blog by Brian Krebs.
In this post he assesses the situation and offers some good advice and warnings for your users, particularly staff. This is required reading.
If you ever doubted why PCI requires you to segment (read: isolate) your payment environment from your other applications and systems, the Epsilon and RSA data breaches should make the wisdom of that requirement clear.
Have a read, then take a look at your own training to make sure you minimize the possible risk to your institution from the expected surge in phishing scams.