Intelligent CISO Issue 12 | Page 28

editor’s question

LUIS GOMES, SENIOR SYSTEMS ENGINEER – AFRICA AT INFOBLOX

When Ahmed woke up this morning, he followed his usual routine of checking the mobile phone that normally sits on the bedside table to see if he had any urgent text messages or missed calls. And then he saw it – credit card transactions using his card for online purchases while he was asleep. How could this happen?

After investigation, he now knows the story. Recently he purchased an item from what he thought was a legitimate online merchant offering great deals. It was actually a spoofed website that captured his credit card details, and now someone in the ‘cloud’ has abused them. And how did he come across this website offering great deals? Through an email addressed to him, sitting in his inbox.

This is the new reality we live in and something people experience on a daily basis, where personal information and data become very valuable for people to try to exploit. This is the world of phishing: phishing attacks target many organisations and individuals in order to find ways to access data, in some cases with malicious intent.

Phishing activity has evolved from the old days of ‘spray and pray’, in the sense of spam coming into your mailbox about a distant relative who wants to give you some inheritance as long as you pay him a small portion up-front, to more sophisticated techniques like spear phishing and whaling attacks, where hackers do some research on the company, its executive layer and the individuals they are targeting in the campaign.

What organisations should be doing to mitigate their risk of phishing attacks starts with end user education across the entire business. There need to be ‘security awareness days’: sessions held to explain the risks of phishing emails and the potential harm to all staff. This needs to be an ongoing process which will eventually help mitigate these types of attacks.
Technology is an important factor to help enforce security policies regarding email. The policies should consider what is allowed in terms of email attachments, the type of content that gets received into the organisation, etc. This sets the baseline for limiting the exposure of what gets ‘through’ the email defences.

The approach of an organisation should be to prevent this type of attack affecting your business. However, organisations also need to be proactive and create a process on what needs to be done once an endpoint or device has been compromised, and test that process in order to ensure all parties know it and know their part in remediating the compromised device.