Week one Discussion
5 hours ago
In this age of information technology, data protection has become a critical component and a priority for the companies. Advancements such as cloud computing and machine learning helped in the diversification of data. As a result, private data became for vulnerable to various attacks and scams. The above where employees are sent strange emails to extract personal information is called phishing. Although phishing are more common in the finance industry, IT sector is also prone to these attacks. Complex phishing schemes can involve a long game, with hackers using fake social media profiles, emails and more to build up a rapport with the victim over months or even years in cases where specific individuals are targeted for specific data which they would only ever hand over to people they trusted. To solve the above situation, the first thing that should be done is to identify the source of these emails. It can be a case of spear phishing where specific individuals or groups are targeted. So, identification of the source with the help of skilled individuals can help in solving the current problem. Once the current problem is solved, the company has to develop long term strategies to fight against these complex phishing schemes. Educating the employees about these emails and educating them in a simpler way can be starting step. For example in Microsoft, they have a tool where you can send out phish emails to your own organization to help train them on what phishing might look like, about how targeted it may be and to help understand who might need additional help in understanding how important it is to vet what you click on, and to only click on trusted emails and to only open up things that are trusted. A similar mechanism can be implemented with in the company. Using technology can be the next step where technology is used to block out as much as possible of those malicious emails. Apart from this, the company should develop various cyber strategies such as recruitment of high-skilled IT employees,cyber security behavior analytics, proactive monitoring and auditing capabilities. Companies with a fully implemented cyber strategy are better staffed and prepared for cyber attacks so given the above nature of attack the company should work on developing a fully functional cyber defense strategy to protect themselves from future attacks.
https://www.techrepublic.com/article/why-phishing-remains-a-critical-cyber-attack-vector/- by Dan Patterson