Editor’s question
LUIS GOMES, SENIOR SYSTEMS ENGINEER – AFRICA AT INFOBLOX
When Ahmed woke up this morning, he followed his usual routine of picking up the mobile phone that normally sits on the bedside table to check whether he had any urgent text messages or missed calls. And then he saw it – credit card transactions made with his card for online purchases while he was asleep. How could this happen? After an investigation, he now knows the story.
Recently he purchased an item from what he thought was a legitimate online merchant offering great deals. It was actually a spoofed website that captured his credit card details, and now someone in the ‘cloud’ has abused those details. And how did he come across this website offering great deals? It was through an email addressed to him, sitting in his inbox. This is the new reality we live in and something people experience on a daily basis, where personal information and data have become very valuable to people looking to exploit them. This is the world of phishing, and phishing attacks target many organisations and individuals in order to find ways to access data, in some cases with malicious intent.
Phishing activity has evolved considerably. In the old days it was ‘spray and pray’: spam arriving in your mailbox about a distant relative who wants to leave you an inheritance, as long as you pay him a small portion up-front. Today it includes more sophisticated techniques such as spear phishing and whaling attacks, where attackers research the company, its executive layer and the individuals they are targeting in the campaign.
What organisations should be doing to mitigate their risk of phishing attacks starts with end user education across the entire business. Holding ‘security awareness days’, sessions that explain the risks of phishing emails and the potential harm to all staff, needs to be an ongoing process that will eventually help mitigate these types of attacks.
Technology is an important factor in helping to enforce security policies regarding email. The policies should consider what is allowed in terms of email attachments, the type of content that may be received into the organisation, and so on. This sets the baseline for limiting the exposure to whatever gets ‘through’ the email defences.
The approach of an organisation should be to prevent this type of attack from affecting the business. However, organisations also need to be proactive and create a process for what needs to be done once an endpoint or device has been compromised, and test that process in order to ensure all parties know it and know their part in remediating the compromised device.
Issue 12 | www.intelligentciso.com