Guarding the Gateways: The Essential Role of Security

What is Phishing (Focus on phishing emails and targeted attacks that include spear phishing and whaling)?

Phishing is the method used to get sensitive user information by a malicious attacker who pretends to be a trustworthy entity. Spear phishing is the most common method of attack used where the attacker targets the organization and a specific user (Canfield, 2017). Phishing allows the attacker to know the username and password of the users and using that; they can steal data or do any other malicious activity that will hurt the image of the organization.

What “bad things” can happen when a successful phishing attack gives outsiders access to company networks and computers?

Ø When a successful phishing attack gives the user access to Sifers-Grayson network and computer, they will have control of critical operation which will be bad for the organization. That can include financial data and secrets of the organization.

Ø One bad thing includes theft of critical data which the attacker can trade to other people hence exposing the secrets of the organization. They can also manipulate the data to their benefit.

Ø The second bad thing includes paralyzing the operations of Sifers-Grayson. The attacker having access to the network can upload malware to the system that will cause systems used in the organization to misbehave.

Ø Access to networks and computers allows the attacker to monitor the activities going on in the organization.

How can employees avoid “biting” on a “phish?”

1. Employees should be evaluating messages and data they receive. Evaluation can help to ensure the communication channel is secure they can identify when they have been attacked.

2. Sifers-Grayson should also train all its employees on ways they can use to identify phish and any malicious activity. Training employees ensure they are aware of how an attack looks like, how to respond to phishing attacks and ways they can use to avoid attacks (Jensen, 2017).

3. Sifers-Grayson should also install phishing detection system. All the critical system and those that are more likely to be attacked should have a phishing detection system. The system helps to provide an extra layer of security that will help to monitor, identify and notify the administrator when there is a malicious activity (Mishra, 2018).

How should employees report phishing attacks? Why is immediate reporting critical to stopping the attackers?

They should physically go to the system and network administrator. Since they do not know the extent of the compromise and which communication channel is secure, physically reporting is safe. Immediate reporting helps the administrator to assess what was compromised and the short and long terms measure to take. It will also ensure the attackers do not access the network again since the loophole will have been filled.

References.

Canfield, C. I., & Fischhoff, B. (2017). Setting Priorities in Behavioral Interventions: An

Application to Reducing Phishing Risk. Risk Analysis.

Jensen, M. L., Dinger, M., Wright, R. T., & Thatcher, J. B. (2017). Training to mitigate phishing

attacks using mindfulness techniques. Journal of Management Information Systems, 34(2), 597-626.

Mishra, A., & Gupta, B. B. (2018). Intelligent phishing detection system using similarity

matching algorithms. International Journal of Information and Communication Technology, 12(1-2), 51-73.