Every year the Oxford English Dictionary publishes a list of new words to be included in its latest edition. Although I haven't actually checked, my guess is that 'phishing' has now been formally inducted into the English language. That said, even if many of us are familiar with the word, how many of us really understand it, and more importantly the implications of a 'phishing attack' in its various guises?
In essence it is a confidence trick designed to hand a would-be attacker the keys to the kingdom: a message that impersonates someone the victim trusts and persuades them to give up credentials, or to open an attachment or link that installs malware. No brute force here, just a piece of carefully crafted social engineering that can make fools of pretty much any one of us.
Ransomware is the latest mode of attack to use 'phishing' as its means of gaining a foothold in an organisation. With cyber extortion set to become a $1bn business, it is going to pay companies to do all they can to ensure that all their employees are alert to the likelihood of a phishing attack.
Foregenix is working with Thinkst Applied Research to ensure that enterprises are 'incident ready'. Part of this involves the provision of phishing attack simulations using phish5, a solution that is easy to set up and scales to many thousands of users. Undertaking simulations is by far and away the best way of keeping employees on their toes and would-be attackers at bay.
But with such high sums to be earned it is only a matter of time before more IT-savvy companies are held to ransom. Yet the protection methods remain the same: good network management (including tested, offline backups, since no amount of training will stop every attack) and users who are educated in the threats they may come across. Simple training for users on how to detect and deal with phishing emails would be a huge step forward. Coupling this with an understanding of what ransomware is and how it operates would demystify the problem.

For me it comes back to having good cyber hygiene and a healthy cyber security culture within your organisation. This is not difficult to achieve and is cost effective compared to the $1 billion we are set to give away this year.