Three Tips to Avoid Going Phishing

By Travis Rosiek, CTO, Tychon


It’s an old trick in the physical world. Getting into a secured building is easiest if an infiltrator can
get an authorized person to open the door for them. No need to pick locks or smash windows.
Just dress like a workman or hold a big bag of groceries and some unsuspecting person will
helpfully hold the door. It’s little different in network security these days. With potentially
thousands of legitimate users accessing secure networks every day, the new trick is to get one
of them to unknowingly crack open the defenses.

The technique used to do this is called phishing, and it is consistently found to be one of the top
ways networks get compromised. Sometimes called spear phishing when it is especially targeted,
phishing is almost always delivered as an email that appears to come from inside the company
or from a trusted or innocuous source. It invites users to click on a malicious link, open an
infected attachment, or provide some type of security or personal information such as their
password. Sadly, even among a well-trained workforce, it is surprisingly successful. The best
attackers know how to manipulate people, and they use social engineering and research
through social media and other sources to improve their odds.

In fact, at a recent cyber-terrorism summit in New York, Homeland Security Secretary Jeh
Johnson called it out, saying that “The most devastating attacks by the most sophisticated
attackers almost always begin with the simple act of spear phishing.” But as prolific as they are,
phishing attacks are not invincible. With the proper planning and tools, they can be defeated just
like any other type of attack.

1) Plan for a Phishing Trip

The best time to defeat a phishing attack is before it begins. It is a great idea to train users to
make them aware of the dangers, but you can never rely on that alone. The best attackers can
mimic an email from the CEO, from human resources, or even from colleagues. You can ask users to
report suspected phishing emails – though according to the 2016 Verizon Data Breach Report
this is seldom done – so that even if someone clicks on one, others may at least bring it to the
attention of IT. But someone will almost always take the bait.

By assuming that some users will eventually fall for a phishing attack, IT teams can plan their
response as something that will happen, not merely something that might. Security Operations
Center (SOC) teams can then plan how to diagnose and triage an attack by putting tools in place
to do things like analyzing who is sending and receiving emails at scale. Incorporate all network
security tools into that plan, so that any threat, no matter how it was initially triggered, can be
contained and mitigated.
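As an added illustration of the sender/recipient analysis at scale that the article recommends (this is example code, not the author's or Tychon's), the script below parses constructed mail-gateway log lines, flags external senders whose display name mimics a legitimate internal sender such as the CEO or HR, and lists everyone who received mail from a flagged sender so the SOC can triage even when nobody reported the email. The log format, the domain example.com as the internal domain, and all addresses are assumptions.

```python
import re
from collections import Counter

# Constructed sample mail-gateway log (not from the article), one delivered message per line.
SAMPLE_LOG = """\
from=Jane Doe <jane.doe@example.com> to=bob@example.com subject=Q2 budget
from=Jane Doe <jane.doe@example.net> to=bob@example.com subject=Urgent wire transfer
from=Jane Doe <jane.doe@example.net> to=alice@example.com subject=Urgent wire transfer
from=HR Team <hr@example.com> to=alice@example.com subject=Benefits enrollment
from=HR Team <hr-notices@example.org> to=carol@example.com subject=Password reset required
from=Dave Lee <dave.lee@example.com> to=carol@example.com subject=Lunch?
"""

INTERNAL_DOMAIN = "example.com"  # assumed: the organisation's own mail domain
LINE_RE = re.compile(
    r"from=(?P<name>.*?) <(?P<addr>[^>]+)> to=(?P<to>\S+) subject=(?P<subj>.*)"
)


def parse_log(text):
    """Parse each log line into a dict of name/addr/to/subj; non-matching lines are skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]


def internal_display_names(msgs):
    """Display names seen on mail sent from the internal domain (the 'real' senders)."""
    return {m["name"] for m in msgs if m["addr"].endswith("@" + INTERNAL_DOMAIN)}


def flag_lookalike_senders(msgs):
    """External sender addresses whose display name matches an internal sender's name,
    the CEO/HR impersonation pattern the article describes. Returns {address: count}."""
    known = internal_display_names(msgs)
    hits = Counter()
    for m in msgs:
        is_external = not m["addr"].endswith("@" + INTERNAL_DOMAIN)
        if is_external and m["name"] in known:
            hits[m["addr"]] += 1
    return dict(hits)


def recipients_of(msgs, sender_addr):
    """Retrospective triage: every recipient of mail from a flagged sender, sorted."""
    return sorted({m["to"] for m in msgs if m["addr"] == sender_addr})


if __name__ == "__main__":
    msgs = parse_log(SAMPLE_LOG)
    for addr, count in flag_lookalike_senders(msgs).items():
        print(f"{addr}: {count} message(s) -> recipients {recipients_of(msgs, addr)}")
```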

2) Phishing Post Mortem

Organizations should deploy a next-generation email security platform along with a capability
that allows retrospective analysis of phishing emails after an attack. This will allow the ability
99 Cyber Warnings E-Magazine – April 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide