Intelligent CISO Issue 76 | Page 30

EDITOR'S QUESTION

CAM ROBERSON, VP OF CHANNEL, BEACHHEAD SOLUTIONS
Increasingly sophisticated, deceptive and personal cyberthreats like catphishing and spearphishing require a layered security strategy that includes technology, education and policy. On the technology side, you need advanced email security that can be your first line of defence for detecting and blocking these phishing attempts before they start. You also need – and it should be a given at this point – Multi-Factor Authentication across all critical accounts and systems (whether personal or business). Getting a step more technical, regular vulnerability assessments (and patching schedules) can be established to mitigate attackers' potential entry points.

Control of who has access to what data is also critical to the prevention part of these attacks. I call it 'reducing threat surfaces'. If someone unwittingly becomes a phishing target, ensuring they can only access necessary data limits the threat's scope. It's critical to restrict access to just the data that's required, which can be done using various authentication methods, layered encryption and, when necessary, remotely wiping data.
While the right technology is mandatory, the human element can't be overlooked – especially with an emotion-tugging attack vector like catphishing. Comprehensive security awareness training is often a critical component to avoid trouble later on. Businesses should make such programmes mandatory and be sure that their organisations' most prominent individuals (who are perhaps most likely to be approached) don't ignore the responsibility. This training should educate folks on recognising and responding appropriately to the latest social engineering tactics, which are always evolving – catphishing included. Often, simulated phishing exercises can reinforce this training and better enable individuals to identify and report anything suspicious before it starts jeopardising themselves and their company.
Policies and procedures are the third leg of preventing catphishing and similar threats. There needs to be a clear plan for how to handle sensitive information and communication channels. Policies should outline strict guidelines for verifying the authenticity of requests for data, financial transactions and anything else that absolutely cannot go to someone who shouldn't have access. Everyone, but perhaps prominent individuals in particular, should also be especially cautious when sharing personal information online and really ought to limit their digital footprint where possible, to minimise potential attack vectors.
By implementing a layered security strategy that combines technical controls, employee education and thorough policies, individuals can significantly reduce their exposure (and their company's exposure) to catphishing and other social engineering threats, safeguarding sensitive information and assets.