Bookmark and Share

Gone Phishing: Securing the Enterprise from Social Engineering Attacks

Moderator Selim Aissi and his group had an engaging discussion, which began with the overwhelming agreement that phishing is a serious problem and has been getting more difficult to prevent. The solution enterprises should look into pursuing is requiring a comprehensive anti-phishing program. The first aspect of the program should involve strong technical controls at the network and email level, such as the utilization of built-in filters or DMARC. Another aspect that must be considered is that phishing takes advantage of human weaknesses through social engineering, so it is crucial to train your employees to recognize these threats and promote company-wide awareness. Employees can be motivated to care about phishing through being awarded for due diligence, such as successfully navigating simulated phishing attacks, because it is better to instill a culture of learning and reacting versus one of punishing and demoralizing. For companies that receive a ton of malicious attachments, creating a forensic analysis program is wise, so security professionals can learn what these attachments are and establish correlations between which groups in the company are receiving them. The discussion ended as a few participants pointed out that the heads of organizations need to be invested in anti-phishing campaigns, especially considering the subject matter isn’t something people want to hear about or deal with until it happens to them.