The Phenomenon of Phishing Attacks - PowerPoint PPT Presentation

About This Presentation
Title:

The Phenomenon of Phishing Attacks

Description:

For high profile organizations and companies that collect and store sensitive information, this surge of phishing attacks is wildly disconcerting. In this case, your best response is full fledged security orchestration and automation. You simply cannot rely on one method of cyber defense to protect you from the intricacy of today’s phishing attacks. Visit - – PowerPoint PPT presentation

Number of Views:87

less

Transcript and Presenter's Notes

Title: The Phenomenon of Phishing Attacks


1
The Phenomenon of Phishing Attacks
  • How to Protect Yourself

2
Introduction
  • Phishing attacks are nothing new and a stalwart
    of the hacker repertoire. The proliferation of
    phishing attacks both simple and sophisticated
    continues to frustrate security professionals
    across the globe. Earlier this year, one of these
    phishing attacks came en masse in the form of
    fake Google Docs invites. As word of the phishing
    scheme spread, the need for a fast, orchestrated
    response was made clear.

3
What Is Phishing ?
  • In short, a phishing attack is an attempt to
    steal a persons private information (such as
    their social security numbers, credit card
    information or bank accounts) through a
    duplicitous email or other online communication.
    Although Google claims the attack only impacted
    less than 0.1 of Gmail users, the events
    catapulted a barrage of alerts and subsequently,
    dropped them on the doorstep of cybersecurity
    analysts and experts worldwide.

4
From Manual to Automated and Back
  • A typical mid to large enterprise is triaging
    dozens and often hundreds of phishing emails a
    day. The starting point to triage these attacks
    typically begins with the email itself or an
    alert from a Security Awareness tool (Phishme,
    etc.) or via a public phishing mailbox.

5
Manual Process When Attack Strikes
  • Once an attack strikes, typically an organization
    goes through this tedious, manual process
    involving the following steps
  • Log/tool queries
  • Assessing file reputation
  • Checking web intelligence of source IP
  • Checking file attachment validity
  • Blacklisting/Blocking confirmed phishing attacks
  • Manually opening updating ticketing systems
    throughout the process
  • Scrubbing email servers

6
Manual Process For Security Automation
  • Manual process steps are naturally suited for
    security automation. But it doesnt end there.
    To confidently address the full scope of Phishing
    attacks a broader Orchestrated response is
    essential. Consider an actual use-case where one
    of our customers experienced a rising volume of
    Phishing email attempts.

7
Sample Phishing Attack Use-Case
8
Manual Process For Security Automation
  • This approach combines the best of both worlds.
    Accelerating response through automation, yet
    interjects the analyst where need be, with fully
    contextualized cases, to confidently address all
    types of attacks. Organizations with an
    established protocol in place might be
    comfortable with relying on fully automated
    workflows for the majority or alerts and cases,
    while those who show more trepidation or would
    like analyst supervision can selectively
    semi-automate response based on rules or other
    integrations such as ticketing involvement

9
Orchestrate
  • For high profile organizations and companies that
    collect and store sensitive information, this
    surge of phishing attacks is wildly
    disconcerting. In this case, your best response
    is full fledged security orchestration and
    automation. You simply cannot rely on one method
    of cyber defense to protect you from the
    intricacy of todays phishing attacks.

10
Contextualize
  • Phishing attacks are known to be evasive for the
    reason that theyre transmitted through email
    accounts, and host content that appears to be
    genuine. Pictures and images in a phishing scam
    may be hardly discernible from an ordinary,
    harmless email. As well, when delivered through a
    popup ad, a phishing attack can strike from the
    user experience of the website youre visiting,
    meaning it may appear to be asking for pertinent
    and relevant information.

11
Conclusion
  • The premier fake Google doc phishing attack has
    only validated the FBIs April warning of email
    scams while putting the collective cybersecurity
    world on edge. This semi-automated approach which
    combines automation with full lifecycle case
    management within a broader orchestration
    solution arms security teams with the best of
    both worlds to address the growing volume of
    Phishing attacks.
Write a Comment
User Comments (0)
About PowerShow.com