PHISHING PROTECTION

A look at the different components an organisation should consider to fight phishing attacks and build a successful phishing protection program.

Published in: Technology

Slide 1: Cyber Security: Phishing Protection. How to start a program. Version 1.5, dated 26/06/2019. Author: Sylvain Martinez. Reference: ESC17-MUSCL. Classification: Public.
Slide 2: Contents
The deck is organised in five parts (Context, Program, Awareness, Defences, Conclusion):
• Context: presentation goal; phishing statistics; incident cost; phishing protection benefits; phishing definition; spear phishing definition; phishing email, from the outside; phishing email, from the inside; phishing website, from the outside; phishing website, from the inside.
• Program: phishing protection program overview.
• Awareness: training overview; training, awareness campaign; training, guidelines; testing overview; testing, URLs; testing, attachments; testing, phishing simulation planning.
• Defences: detecting overview; detecting, manual detection; detecting, automated detection; protecting overview; protecting, warn; protecting, block.
• Conclusion: key take-aways; get started; extra resources.
Slide 3: Presentation goal
To learn about phishing protection solutions:
1. Learn about the different types of phishing attacks.
2. Learn about the different types of phishing protections.
3. Learn how to start an anti-phishing program.
(Icons are from The Noun Project unless stated otherwise.)
Slide 4: Phishing statistics (source: hostingtribunal.com, June 2019)
• 45% of all emails are spam.
• 14.5 billion spam emails are sent every day.
• Phishing grew by 65% in 2018.
• 92% of malware is delivered by email.
• Each user receives 16 phishing emails per month.
• 30% of phishing emails are opened by the targeted users.
• 12% of phishing emails are clicked by the targeted users.
• 1.5 million new phishing sites appear every month.
Slide 5: Incident cost
ElysiumSecurity investigations in Mauritius, January 2018 to June 2019: 100% of the incidents involved phishing; 80% were financial fraud and 20% ransomware.
Incident costs on the slide's timeline chart: Jan 2018, $0.5M; May 2018, $1M; Aug 2018, $2M; Apr 2019, $0.5M; May 2019, $1M; June 2019, $0.5M.
Worldwide statistics (sources: safeatlast.co and retruster.com, June 2019):
• Average cost per data breach: $3.86M.
• Average cost per phishing attack: $1.6M.
• Data breaches originating from phishing attacks: 95%.
• Average detection time: 197 days.
Slide 6: Phishing protection benefits
• Improved awareness: staff know the phishing risks, follow best practice and are better protected.
• Improved security: better phishing detection, better email protection and increased attack visibility.
• Reduced phishing cost: lower phishing success rate, limited phishing impact cost, and reduced or avoided fines.
Slide 7: Phishing definition
Phishing is a type of social engineering attack used to steal sensitive information such as passwords or financial details. Attackers pretend to be a trusted entity to push victims into opening fraudulent links or attachments. It is a generic attack that uses common messages which may be relevant to the victims, contributing to their false sense of trust.
Slide 8: Spear phishing definition
Spear phishing is an advanced type of social engineering attack used to steal sensitive information such as passwords or financial details. Attackers pretend to be a trusted entity to push victims into opening fraudulent links or attachments. It is a very focused attack that uses specific messages with personal information relevant to the victims, increasing their false sense of trust.
Slide 9: Phishing email, from the outside (screenshot of a sample phishing email as the recipient sees it)
It looks and sounds legitimate.
Slide 10: Phishing email, from the inside (screenshot of the same email's headers and source)
Warning signs, if you know where to look!
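The warning signs slide 10 points at live in the message headers and the HTML source rather than in the rendered email. The following Python script is an added example, not part of the deck or of ElysiumSecurity's material; it parses two constructed sample messages (every address, domain and IP in them is hypothetical) and reports the signs a responder checks first: a Reply-To or Return-Path domain that differs from the From domain, the SPF/DKIM verdicts the receiving MX recorded in Authentication-Results, visible link text that names a different host than the href, and pressure language in the subject line.

```python
"""Added example: pull phishing warning signs out of a raw message's headers
and HTML source.  Both sample messages are constructed for this example;
every address, domain and IP in them is hypothetical."""
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

URGENCY_WORDS = ("urgent", "immediately", "24 hours", "suspended", "expire")

# The display name claims the internal helpdesk; every routing header says otherwise.
PHISHING_SAMPLE = b"""Return-Path: <bounce@mail-relay.example.net>
Received: from mail-relay.example.net (203.0.113.5) by mx.example.com
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.net; dkim=none
From: "IT Support - Example Corp" <it-support@example.com>
Reply-To: helpdesk.example@example.org
Subject: Urgent: your mailbox will be deleted in 24 hours
Content-Type: text/html; charset=utf-8

<html><body><p>Your password expires today. Sign in to keep your mailbox:</p>
<p><a href="http://login.example-corp-portal.net/owa">https://mail.example.com/owa</a></p>
</body></html>
"""

CLEAN_SAMPLE = b"""Return-Path: <it-support@example.com>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com
From: IT Support <it-support@example.com>
Subject: Monthly maintenance window
Content-Type: text/plain; charset=utf-8

The mail servers will be patched on Saturday night.
"""


def domain_of(address):
    return address.rpartition("@")[2].lower()


class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(text):
    """Hostname named by a URL-looking string, or None."""
    if "." not in text:
        return None
    return urlparse(text if "://" in text else "http://" + text).hostname


def inspect_message(raw_bytes):
    """Return (check_id, detail) for every warning sign found in the message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    from_dom = domain_of(parseaddr(str(msg.get("From", "")))[1])

    # Replies diverted to a domain other than the claimed sender's.
    reply_dom = domain_of(parseaddr(str(msg.get("Reply-To", "")))[1])
    if reply_dom and reply_dom != from_dom:
        findings.append(("reply-to-mismatch", f"From {from_dom}, replies go to {reply_dom}"))

    # Envelope sender (bounce address) from a different domain than the header From.
    ret_dom = domain_of(parseaddr(str(msg.get("Return-Path", "")))[1])
    if ret_dom and ret_dom != from_dom:
        findings.append(("return-path-mismatch", f"envelope sender is {ret_dom}"))

    # SPF/DKIM verdicts written by the receiving MX; anything but "pass" is a sign.
    auth = str(msg.get("Authentication-Results", ""))
    for mech in ("spf", "dkim"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        verdict = m.group(1).lower() if m else "absent"
        if verdict != "pass":
            findings.append((f"{mech}-not-pass", verdict))

    # Link text naming one host while the href goes to another.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            shown, real = host_of(text), host_of(href or "")
            if shown and real and shown != real:
                findings.append(("link-mismatch", f"shows {shown}, goes to {real}"))

    # Pressure language in the subject line.
    subject = str(msg.get("Subject", "")).lower()
    if any(word in subject for word in URGENCY_WORDS):
        findings.append(("urgency", subject))
    return findings


if __name__ == "__main__":
    print("phishing:", inspect_message(PHISHING_SAMPLE))
    print("clean:", inspect_message(CLEAN_SAMPLE))
```

Only the Authentication-Results header added by your own mail gateway is trustworthy; an attacker can write one into the message themselves, so a production check must take the verdict from the gateway's own trace headers, not from whichever copy appears first.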
Slide 11: Phishing website, from the outside (screenshot of a phishing website as the victim sees it)
Slide 12: Phishing website, from the inside (screenshot of the page's source)
Your credentials are intercepted and sent... to the wrong place / person!
Slide 13: Phishing protection program overview
The program addresses two kinds of campaign:
• Campaign #1, phishing: the most common; aimed at all staff; generic; inexpensive; automated; a simple attack.
• Campaign #2, spear phishing: the least common; aimed at key staff; tailored; expensive; manual; a complex attack.
The {elysiumsecurity} phishing protection program has four pillars:
• Training: guidelines and awareness campaign.
• Testing: open-attachment and click-URL simulations.
• Detecting: manual and automated detection.
• Protecting: warn and block.
Slide 14: Training overview (guidelines, awareness campaign)
1. Some phishing will always get through cyber defences.
2. User awareness is your first defence against phishing.
3. Train your users to understand phishing risks and what phishing looks like.
Slide 15: Training, awareness campaign
1. Relevant to your corporate risk profile.
2. Coordinated with corporate communication.
3. Linked to wider cyber security awareness.
4. Mix of in-person and digital delivery.
5. Use of relatable examples.
6. Regular and repeated.
7. Set and review key performance indicators.
8. Results feedback can be a training tool.
9. Poster.
10. Cheat sheet.
Slide 16: Training, guidelines
Do:
1. Think before you click.
2. Check the email's provenance.
3. Check the email's context.
4. Be careful of disappearing emails.
5. Report suspicious emails.
Do not:
6. Use your work email for personal purposes.
7. Ignore security warnings.
8. Open unexpected attachments.
9. Click unexpected URLs.
10. Enter passwords on pages reached from URLs in emails.
Slide 17: Testing overview (open attachment, click URL)
1. Validate the awareness campaign's efficiency.
2. Identify the most vulnerable users.
3. Use phishing simulation tools.
Slide 18: Testing, URLs
A URL test runs from a generic baseline (steps 1 to 5) to a tailored attack (steps 6 to 10):
1. Generic email context.
2. Obviously suspicious URL.
3. Only simulate click bait.
4. Redirect to a generic message.
5. Record victim details.
6. Specific email context.
7. Difficult-to-spot URL.
8. Simulate portal credential theft.
9. Redirect to the awareness campaign.
10. Record victim details and statistics.
Slide 19: Testing, attachments
An attachment test follows the same progression, from a generic baseline (steps 1 to 5) to a tailored attack (steps 6 to 10):
1. Generic email context.
2. Obviously suspicious attachment.
3. Only simulate click bait.
4. Redirect to a generic message.
5. Record victim details.
6. Specific email context.
7. Difficult-to-spot attachment.
8. Simulate malware installation.
9. Redirect to the awareness campaign.
10. Record victim details and statistics.
Slide 20: Testing, phishing simulation planning
1. List the targeted users (all or a few).
2. Email scope (same version for all?).
3. Clear goals and timeline.
4. Victim message ready.
5. Inform staff prior to starting.
6. Establish a baseline (generic attack).
7. Analyse the results and adapt.
8. Refine templates.
9. Beware of GDPR/DPA when using a third party.
10. Spear phishing test when mature enough.
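Slides 17 to 20 describe the simulation flow (bait, landing page, redirect, recording of victim details and statistics) as a procedure. The Python module below is an added example, not part of the deck or of any of the simulator products listed later; it implements the server-side bookkeeping behind that flow without sending mail or running a web server. Campaign names, the landing URL and the recipient list are hypothetical. Per-recipient links carry an HMAC token rather than a name or email address, which keeps the recorded data pseudonymous (the GDPR/DPA point in slide 20) and stops one recipient from guessing another's link; a baseline campaign redirects to the generic page, a targeted one to the awareness campaign; credential submissions are recorded as a fact, never as the credentials themselves.

```python
"""Added example: the bookkeeping behind a phishing simulation campaign.
Nothing is sent or served here; these are the functions a landing page
handler would call.  Campaign names, URLs and recipients are hypothetical."""
import hashlib
import hmac
from dataclasses import dataclass, field


@dataclass
class Campaign:
    name: str
    stage: str                 # "baseline": generic bait and generic landing page
                               # "targeted": tailored bait and simulated credential portal
    secret: bytes              # per-campaign HMAC key, kept server side
    base_url: str
    recipients: dict = field(default_factory=dict)   # token -> recipient id
    events: list = field(default_factory=list)       # (token, "clicked" | "submitted")


def make_token(secret, recipient_id):
    """Opaque per-recipient token: keeps the person's identity out of the URL
    (the landing data stays pseudonymous, which matters when a third party
    hosts it) and makes one recipient's link unguessable from another's."""
    return hmac.new(secret, recipient_id.encode(), hashlib.sha256).hexdigest()[:20]


def enrol(campaign, recipient_ids):
    for rid in recipient_ids:
        campaign.recipients[make_token(campaign.secret, rid)] = rid


def tracking_url(campaign, recipient_id):
    """The URL placed in the simulated phishing email for this recipient."""
    return f"{campaign.base_url}/t/{make_token(campaign.secret, recipient_id)}"


def handle_landing(campaign, token, submitted_credentials=False):
    """Called when a link is clicked or the fake portal form is posted.
    Returns the page the recipient is redirected to."""
    if token not in campaign.recipients:
        # Scanners and guessed tokens: show the generic page, record nothing.
        return f"{campaign.base_url}/generic"
    # Record that credentials were entered, never the credentials themselves.
    campaign.events.append((token, "submitted" if submitted_credentials else "clicked"))
    if campaign.stage == "baseline":
        return f"{campaign.base_url}/generic"
    return f"{campaign.base_url}/awareness"


def statistics(campaign):
    """Click and submit rates over the enrolled population."""
    clicked = {t for t, e in campaign.events if e == "clicked"}
    submitted = {t for t, e in campaign.events if e == "submitted"}
    total = len(campaign.recipients)
    return {
        "recipients": total,
        "click_rate": round(len(clicked | submitted) / total, 3) if total else 0.0,
        "submit_rate": round(len(submitted) / total, 3) if total else 0.0,
    }


def most_vulnerable(campaign):
    """Recipients who entered credentials: the ones to prioritise for training."""
    return sorted({campaign.recipients[t] for t, e in campaign.events if e == "submitted"})


if __name__ == "__main__":
    c = Campaign("Q3 baseline", "baseline", b"hypothetical-secret", "https://sim.example.com")
    enrol(c, ["alice", "bob", "carol", "dave"])
    print(tracking_url(c, "alice"))
    print(handle_landing(c, make_token(c.secret, "alice")))
    c.stage = "targeted"
    print(handle_landing(c, make_token(c.secret, "bob"), submitted_credentials=True))
    print(statistics(c), most_vulnerable(c))
```

The campaign secret is the only thing that links a token back to a person, so it should stay with the team running the campaign; a third-party landing host only ever sees tokens and events.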
Slide 21: Detecting overview (manual, automated)
1. Monitor email security.
2. Enable and enhance phishing visibility.
3. Facilitate phishing incident response.
Slide 22: Detecting, manual detection
1. Review logs for suspicious email logins.
2. Review logs for suspicious email activities.
3. Review network security alerts.
4. Review system security alerts.
5. Enable a simple phishing reporting mechanism.
Slide 23: Detecting, automated detection
1. Enable anti-phishing filters.
2. Configure and tune the anti-phishing filters.
3. Subscribe to blacklist services.
4. Baseline email activities and origin.
5. Set up impossible login detection.
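Two of the items on slides 22 and 23, reviewing logs for suspicious email logins and activities and setting up impossible login detection, are easy to automate once the mail provider's audit log is available. The Python script below is an added example, not part of the deck or of any vendor product; the sign-in records and inbox rule events it processes are constructed for the example, with hypothetical users, IPs and coordinates (a real feed would come from the mail provider's audit log after a geo-IP lookup). It flags consecutive sign-ins by one user that would require faster-than-airliner travel, and inbox rules that forward mail outside the organisation or silently delete messages on sensitive keywords, which is the classic footprint of a mailbox taken over after a successful phish.

```python
"""Added example: two checks a mail administrator runs over sign-in and audit
logs.  The records below are constructed for this example (hypothetical users,
IPs and coordinates)."""
import math
from datetime import datetime

ORG_DOMAIN = "example.com"   # hypothetical organisation domain

# (user, UTC time, source IP, city, latitude, longitude) after geo-IP lookup
LOGINS = [
    ("alice@example.com", "2019-06-20T08:02:00", "203.0.113.10", "Port Louis", -20.16, 57.50),
    ("alice@example.com", "2019-06-20T09:15:00", "198.51.100.77", "Lagos", 6.45, 3.39),
    ("bob@example.com",   "2019-06-20T08:30:00", "203.0.113.10", "Port Louis", -20.16, 57.50),
    ("bob@example.com",   "2019-06-20T21:05:00", "192.0.2.44",   "Paris", 48.86, 2.35),
    ("carol@example.com", "2019-06-20T10:00:00", "203.0.113.10", "Port Louis", -20.16, 57.50),
    ("carol@example.com", "2019-06-20T10:20:00", "203.0.113.11", "Port Louis", -20.16, 57.50),
]

# Inbox rule creation events, as an audit log would report them.
INBOX_RULES = [
    {"user": "alice@example.com", "forward_to": "alice.backup@example.org", "delete": False, "keywords": []},
    {"user": "bob@example.com",   "forward_to": None, "delete": True, "keywords": ["password", "invoice"]},
    {"user": "carol@example.com", "forward_to": None, "delete": False, "keywords": ["newsletter"]},
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points on a spherical Earth."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = math.radians(lat2 - lat1), math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def impossible_travel(logins, max_speed_kmh=900.0):
    """Flag consecutive sign-ins by one user that would need faster-than-airliner
    travel.  Returns (user, from_city, to_city, km, km_per_hour) per alert."""
    by_user = {}
    for user, ts, ip, city, lat, lon in logins:
        by_user.setdefault(user, []).append((datetime.fromisoformat(ts), ip, city, lat, lon))
    alerts = []
    for user, events in by_user.items():
        events.sort()
        for (t1, _, c1, la1, lo1), (t2, _, c2, la2, lo2) in zip(events, events[1:]):
            km = haversine_km(la1, lo1, la2, lo2)
            if km < 50:          # same city or same ISP pool: not travel
                continue
            hours = (t2 - t1).total_seconds() / 3600
            speed = km / hours if hours > 0 else float("inf")
            if speed > max_speed_kmh:
                alerts.append((user, c1, c2, round(km), round(speed)))
    return alerts


def suspicious_inbox_rules(rules, org_domain):
    """Rules that forward mail outside the organisation or silently delete
    messages matching sensitive keywords."""
    flagged = []
    for rule in rules:
        reasons = []
        fwd = rule.get("forward_to")
        if fwd and not fwd.lower().endswith("@" + org_domain):
            reasons.append(f"forwards to external address {fwd}")
        if rule.get("delete") and rule.get("keywords"):
            reasons.append("deletes messages matching " + ", ".join(rule["keywords"]))
        if reasons:
            flagged.append((rule["user"], reasons))
    return flagged


if __name__ == "__main__":
    for alert in impossible_travel(LOGINS):
        print("impossible travel:", alert)
    for user, reasons in suspicious_inbox_rules(INBOX_RULES, ORG_DOMAIN):
        print("suspicious rule:", user, reasons)
```

In the sample, Alice's Port Louis to Lagos pair (about 6,600 km in 73 minutes) is flagged, while Bob's Port Louis to Paris pair (about 9,400 km in 12.5 hours) is a plausible flight and is not. Geo-IP is noisy for mobile carriers and VPN exits, so the speed threshold and the 50 km floor should be tuned against the organisation's own baseline (slide 23, item 4) before alerts are routed to users.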
Slide 24: Protecting overview (warn, block)
1. Reduce phishing-related incidents.
2. Alert users to potential phishing attacks.
3. Block identified phishing attacks.
Slide 25: Protecting, warn
1. Identify and visually label external emails.
2. Identify and visually label potential impersonation.
3. Move suspicious emails to the quarantine/spam folder.
4. Warn users of suspicious email login activities.
5. Warn the email administrators of email rule creation.
Slide 26: Protecting, block
1. Block reported email addresses.
2. Block reported websites, domains and IP addresses.
3. Block identified bad URLs and attachments.
4. Proactively block similar domains.
5. Proactively register similar domains.
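Slides 25 and 26 both turn on the same question at the mail gateway: is this sender internal, external, or an external domain built to look like ours? The Python module below is an added example, not part of the deck or of any gateway product; it classifies a sender address against a hypothetical organisation domain (external label, impersonation label plus quarantine, or plain delivery), and enumerates the typo, transposition, homoglyph and TLD variants of that domain for the proactive block list or for defensive registration. The homoglyph table and the one-edit threshold are assumptions to tune per organisation; the code assumes a single-label TLD such as .com.

```python
"""Added example: classify inbound senders as internal, external or a lookalike
of the organisation's own domain, decide the banner / quarantine action, and
enumerate the lookalike domains worth blocking or registering.
The organisation domain and all addresses are hypothetical."""
import unicodedata

ORG_DOMAIN = "example.com"   # hypothetical; assumes a single-label TLD

# Characters and digraphs that read as another letter in most fonts.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def domain_of(address):
    return address.rpartition("@")[2].lower()


def skeleton(label):
    """Fold a domain label to what it looks like: drop accents and non-ASCII,
    then replace common homoglyphs.  Non-Latin confusables (e.g. Cyrillic
    letters) are dropped rather than mapped, which still leaves the label one
    edit away from the original."""
    folded = unicodedata.normalize("NFKD", label).encode("ascii", "ignore").decode().lower()
    for glyph, letter in HOMOGLYPHS.items():
        folded = folded.replace(glyph, letter)
    return folded


def edit_distance(a, b):
    """Optimal string alignment distance: an insert, delete, substitution or
    swap of two adjacent characters each cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def classify_sender(address, org_domain=ORG_DOMAIN):
    """'internal', 'lookalike' or 'external'."""
    dom = domain_of(address)
    if dom == org_domain or dom.endswith("." + org_domain):
        return "internal"
    labels = dom.split(".")
    sld = labels[-2] if len(labels) >= 2 else labels[0]
    org_sld = org_domain.split(".")[-2]
    sk, org_sk = skeleton(sld), skeleton(org_sld)
    # Same skeleton (homoglyphs, other TLD), one edit away, or our name as a
    # hyphenated component (example-support.com).
    if sk == org_sk or edit_distance(sk, org_sk) <= 1 or org_sk in sk.split("-"):
        return "lookalike"
    return "external"


def inbound_action(address, org_domain=ORG_DOMAIN):
    """(subject tag, disposition) for the mail gateway."""
    kind = classify_sender(address, org_domain)
    if kind == "internal":
        return ("", "deliver")
    if kind == "lookalike":
        return ("[EXTERNAL] [POSSIBLE IMPERSONATION]", "quarantine")
    return ("[EXTERNAL]", "deliver")


def lookalike_candidates(org_domain=ORG_DOMAIN, tlds=("com", "net", "org", "co")):
    """Typo and homoglyph variants of the organisation domain, for the
    proactive block list or for defensive registration."""
    sld, _, tld = org_domain.partition(".")
    variants = set()
    for i in range(len(sld)):
        variants.add(sld[:i] + sld[i + 1:])                            # omitted character
        variants.add(sld[:i] + sld[i] + sld[i:])                       # repeated character
        if i + 1 < len(sld):
            variants.add(sld[:i] + sld[i + 1] + sld[i] + sld[i + 2:])  # swapped pair
    for glyph, letter in HOMOGLYPHS.items():
        if letter in sld:
            variants.add(sld.replace(letter, glyph, 1))                # homoglyph substitution
    cands = {f"{v}.{tld}" for v in variants if v != sld}
    cands |= {f"{sld}.{t}" for t in tlds if t != tld}
    return sorted(cands)


if __name__ == "__main__":
    for addr in ("alice@example.com", "ceo@examp1e.com", "it@example-support.com", "news@vendor.net"):
        print(addr, classify_sender(addr), inbound_action(addr))
    print(len(lookalike_candidates()), "candidates, e.g.", lookalike_candidates()[:5])
```

Every candidate the generator produces is classified as a lookalike by the same rules, so the two halves stay consistent: anything worth registering defensively is also something the gateway would quarantine if it turned up as a sender. Short or dictionary-word organisation names will produce false positives at distance 1 and need a longer allow list.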
Slide 27: Key take-aways
1. Phishing is the most common attack vector today.
2. Be aware of the difference between phishing and spear phishing.
3. Awareness is key.
4. Phishing protection matters.
5. Email access protection matters.
Slide 28: Get started
1. Stay informed of phishing campaigns.
2. Remind staff of phishing risks.
3. Use a secure email provider.
4. Enforce email protections.
5. Define and implement a phishing protection program.
Slide 29: Extra resources
Training (average cost: $10 per user per year, without customisation):
• Gartner: compare the different offerings. https://www.gartner.com/reviews/market/security-awareness-computer-based-training/
• CyberAware: free resources. https://free.thesecurityawarenesscompany.com/downloads/category/videos/
• SANS: can be expensive, but also has free resources. https://www.sans.org/security-awareness-training
• ESET: claims to be free but may have some hidden cost. https://www.eset.com/us/cybertraining/
• Trend Micro: also offers wider cyber security training. https://phishinsight.trendmicro.com/en/training
• Mimecast: also offers wider cyber security training. https://www.mimecast.com/content/phishing-awareness
Simulators (average cost: free to $10 per user per year):
• Phishing Readiness: a product by Symantec. https://www.symantec.com/products/phishing-readiness
• KnowBe4: founded by Stu Sjouwerman, with Kevin Mitnick as its Chief Hacking Officer. https://www.knowbe4.com/
• Microsoft Attack Simulator: part of Office 365 ATP Plan 2. https://docs.microsoft.com/en-us/office365/securitycompliance/attack-simulator
• GoPhish: open source, with a professional version. https://getgophish.com/
• Trend Micro Phish Insight: free and paid subscriptions. https://phishinsight.trendmicro.com/
• Cofense: bought the market leader PhishMe. https://cofense.com/simulator-small-business-edition
Slide 30: About ElysiumSecurity Ltd
© 2015-2019 ElysiumSecurity Ltd, all rights reserved. https://www.elysiumsecurity.com, consulting@elysiumsecurity.com
ElysiumSecurity provides practical expertise to identify vulnerabilities, assess their risks and impact, remediate those risks, prepare for and respond to incidents, and raise security awareness throughout an organisation.
ElysiumSecurity provides high-level expertise gathered through years of best-practice experience in large international companies, allowing us to provide advice best suited to your business operational model and priorities.
ElysiumSecurity provides a portfolio of strategic and tactical services to help companies protect against and respond to cyber security threats. We differentiate ourselves by offering discreet, tailored and specialised engagements.
ElysiumSecurity operates in Mauritius and in Europe. A boutique-style approach means we can easily adapt to your business operational model and requirements to provide a personalised service that fits your working environment.
