ARCHIVED CONTENT
You are viewing ARCHIVED CONTENT released online between 1 April 2010 and 24 August 2018 or content that has been selectively archived and is no longer active. Content in this archive is NOT UPDATED, and links may not function.Extract from article by Adam Vincent
Even with a strong information-sharing community in place, there’s always one phish that’s going to slip through the net. When you’re dealing with the engineering of human behavior, it’s probably going to happen. In the case of business attacks, phishing emails are often designed to collect login details from employees. Once these logins are surrendered, the hacker is a step closer to accessing multiple company systems.
With the prevalence of poor password hygiene to boot, there’s an added possibility that credentials have been reused across multiple other platforms. A single successful phish can open up the whole enterprise to attack.
As a security professional, you’re going to want a system in place to monitor activity across all security channels and infrastructure. Firewalls and anti-virus can only get you so far. Instead, companies need to collect information and analyze it for potentially dangerous activity.
It may be a few hours before a phishing-related breach is reported, but in that time, a fully automated threat intelligence system can gather and assess indicators of unusual activity, alert the security team and initiate a response.
Phishing can unlock a considerable amount of resources to a hacker. Businesses must have a complete and automated view of everything in their system, or they could be gutted before they’ve had time to think.
Read the complete article at Phishing – Why We Keep Getting Netted