
Preventing Successful Spear Phishing Attacks
Now, how do you mitigate attacks like this? There is no single approach that will stop this
threat, but here is what you need to do to be a hard target for criminals:

• First of all, you need all your defense-in-depth layers in place. Defending against
attacks like this is a multi-layer approach. The trick is to make it as hard as possible for
the attacker to get through and to not rely on any single security measure to keep your
organization safe.
• Do not publish a list of all employee email addresses on your website; use a
web form instead.
• Regularly scan the Internet for exposed email addresses and/or credentials. You
would not be the first one to find one of your users' usernames and passwords on a crime
or porn site.
• Never send out sensitive personal information via email. Be wary if you get an email
asking you for this info and, when in doubt, go directly to the source.
• Enlighten your users about the dangers of oversharing their personal information on
social media sites. The more the bad guys know, the more convincing they can be
when crafting spear phishing emails.
• Users are your last line of defense! They need to be trained using new-school security
awareness training and receive frequent simulated phishing emails to keep them on their
toes with security top of mind. We provide the world's largest content library of security
awareness training combined with best-in-class pre- and post simulated phishing
testing. Since 91% of successful attacks use spear phishing to get in, this will get you by
far the highest ROI for your security budget, with visible proof the training works!

...and ALWAYS remember to Think Before You Click!
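
One way to act on the two recommendations above (keep employee addresses off your website, and regularly check for exposed ones) is to audit your own pages for addresses at your mail domain, including mailto:, HTML-entity and "[at]/[dot]" forms that a plain text search misses. This is an added example, not part of the original page; the domain `example.com`, the sample pages and the function names are assumptions constructed for illustration.

```python
import html
import re
from urllib.parse import unquote

ORG_DOMAIN = "example.com"  # assumption: placeholder for your own mail domain

# Constructed sample pages (not real data): path -> HTML as served.
SAMPLE_PAGES = {
    "/contact": '<p>Questions? Use our <a href="/contact-form">web form</a>.</p>',
    "/team": '<a href="mailto:jane.doe%40example.com">Jane</a> '
             '<span>bob [at] example [dot] com</span> '
             '<span>&#97;lice&#64;example.com</span>',
    "/press": "<p>Media contact: press@partner.example.org</p>",
}

# "@" / "." written literally or spelled out as [at] / (dot).
AT = r"(?:@|\s*[\[\(]\s*at\s*[\]\)]\s*)"
DOT = r"(?:\.|\s*[\[\(]\s*dot\s*[\]\)]\s*)"
EMAIL_RE = re.compile(
    rf"([a-z0-9._%+-]+){AT}((?:[a-z0-9-]+{DOT})+[a-z]{{2,}})", re.IGNORECASE)


def normalize(page_html: str) -> str:
    """Undo URL-encoding and HTML entities that hide an address from a naive search."""
    return html.unescape(unquote(page_html))


def find_exposed_addresses(pages: dict, domain: str) -> dict:
    """Return {path: sorted addresses at `domain`} for pages that expose any."""
    findings = {}
    for path, body in pages.items():
        hits = set()
        for local, host in EMAIL_RE.findall(normalize(body)):
            # Collapse spelled-out dots so "example [dot] com" compares as a host name.
            host = re.sub(DOT, ".", host, flags=re.IGNORECASE).lower()
            if host == domain or host.endswith("." + domain):
                hits.add(f"{local.lower()}@{host}")
        if hits:
            findings[path] = sorted(hits)
    return findings


if __name__ == "__main__":
    for path, addrs in find_exposed_addresses(SAMPLE_PAGES, ORG_DOMAIN).items():
        print(f"{path}: replace with a web form -> {', '.join(addrs)}")
```

Addresses at other domains, such as the partner contact on the sample `/press` page, are deliberately left out so the report lists only what your own organization can remove.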

According to the Canadian Anti-Fraud Centre’s (CAFC) latest report, spear phishing in 2019 was
the number one fraud attack type based on total dollar loss:

• Spear phishing was responsible for over $21 million in reported losses, the highest of
any fraud category in their report.
• It also represented the highest loss per attack, at a little over $48,000 per attack.

Spear phishing requires some initial diligence to identify victims, proper scam messaging, and
contextual details to ensure the scam seems real to the victim. So, given the high average loss in
each attack, it is less likely that these are individuals reporting successful scams and more
likely that they are businesses being attacked.

It should also be noted that the CAFC estimates that only 5% of all fraud
cases are reported, potentially multiplying the losses by a factor of 20!

Businesses need educated employees who are savvy to the ways of cybercriminals. Those
organizations that put employees through continual online Security Awareness Training are best
equipped with the knowledge necessary to see through even the most detailed and targeted of
scams, and to protect the organization by not falling for the phish, even one that is designed
for a specific individual, role, or company.
