I wrote an incredibly readable eBook on the most important challenge facing corporate IT. Give me ten minutes of your time, and by the end of “Anatomy of a Phish” you’ll have a complete grasp of how phishing attacks fool the average corporate employee into opening the castle door and letting sneaky advanced persistent threat (APT) malware run amok in your systems. It’s the perfect airport read for busy execs who need to understand quickly what the risks of phishing are and why conventional data security methods are ineffective against it.
In other words, as a non-technical decision maker you’ll be better armed to push back on system admins who want to buy more virus detectors, more network loggers, and so on. What IT doesn’t get is that when hackers gain access to the credentials of an internal user, as they do in a phishing attack, the standard perimeter-oriented methods of prevention and detection are invalidated: the attacker is now logging in as a legitimate user. We now know that the Target breach, one of the largest in US history, was initiated by a simple phishing email!
And when phishing is coupled with APTs, which are designed to evade standard security monitoring, the hackers have an unusually long time to go through your corporate files, find the high-value content (credit card numbers, Social Security numbers) and “exfiltrate” the data at their leisure. You’ll see how they use diabolical command-and-control techniques, such as WEBC2, in which the malware fetches its instructions from what looks like ordinary web browsing, and then export the stolen data as innocent-looking web traffic.
In other posts, I write about how file systems are rife with poorly permissioned files containing sensitive data that is available to just about any user. That is why phishing attacks are so effective: with the access permissions of an average user and enough time, the cyber thieves will hunt down the sensitive data, typically because no one in your organization ever took the trouble to find out what is in all those folders with “everyone” permission.
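As an added example (not from the eBook or from this blog), here is a small Python script that does the same hunting from the defender’s side: it walks a share, keeps only the files that anyone can actually reach and read, and reports those containing strings that look like Social Security numbers or Luhn-valid card numbers. It assumes a POSIX file system, where the “everyone” permission corresponds to the “other” mode bits (on Windows the equivalent check is for an Everyone access entry in the output of Get-Acl). The sample directory tree, the file names and the numbers in them are constructed for the example and are not real data.

```python
import os
import re
import stat
import tempfile

# Patterns for the two data types the post names. Assumptions: US-format SSNs
# and 16-digit card numbers, optionally split into groups of four.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to drop 16-digit strings that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def _mode(path: str) -> int:
    return os.lstat(path).st_mode


def find_exposed_sensitive_files(root: str):
    """Return (relative path, ssn_count, card_count) for every file that
    'other' users can actually read: the file has the o+r bit and every
    directory below root on the way to it has the o+x bit. The root itself
    is assumed reachable (for example, it is the share root)."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Prune subtrees 'other' cannot traverse: a world-readable file inside
        # a 0700 directory is not reachable by everyone, so it is not reported.
        dirnames[:] = [d for d in dirnames
                       if _mode(os.path.join(dirpath, d)) & stat.S_IXOTH]
        for name in filenames:
            path = os.path.join(dirpath, name)
            mode = _mode(path)
            if not stat.S_ISREG(mode) or not mode & stat.S_IROTH:
                continue
            try:
                with open(path, encoding="utf-8", errors="ignore") as fh:
                    text = fh.read()
            except OSError:
                continue
            ssns = len(SSN_RE.findall(text))
            cards = sum(1 for m in CARD_RE.findall(text)
                        if luhn_ok(re.sub(r"\D", "", m)))
            if ssns or cards:
                findings.append((os.path.relpath(path, root), ssns, cards))
    return sorted(findings)


def build_demo_tree() -> str:
    """Constructed sample tree (not real data): a world-readable share with a
    customer export and a benign note, plus a private payroll directory."""
    root = tempfile.mkdtemp(prefix="phish-demo-")
    files = {
        ("shared", "customers.csv"):
            "Alice,123-45-6789,4111 1111 1111 1111\n"
            "Bob,987-65-4321,4242424242424242\n",
        ("shared", "notes.txt"):
            "Invoice 1234-5678-9012-3456 is due Friday.\n",   # fails Luhn
        ("private", "payroll.txt"):
            "Carol,111-22-3333\n",   # readable file, but its directory is 0700
    }
    for (subdir, name), body in files.items():
        d = os.path.join(root, subdir)
        os.makedirs(d, exist_ok=True)
        os.chmod(d, 0o755 if subdir == "shared" else 0o700)
        p = os.path.join(d, name)
        with open(p, "w", encoding="utf-8") as fh:
            fh.write(body)
        os.chmod(p, 0o644)   # readable by everyone
    return root


if __name__ == "__main__":
    for rel, ssns, cards in find_exposed_sensitive_files(build_demo_tree()):
        print(f"{rel}: {ssns} SSN(s), {cards} card number(s) readable by everyone")
```

Run against the demo tree, only shared/customers.csv is reported: the note in the same folder holds a 16-digit string that fails the Luhn check, and the payroll file, although its own mode is 0644, sits under a directory that “other” cannot enter. Pointing the scanner at a real share root gives a first list of the “everyone” folders the post says nobody ever looked into.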
The book is in convenient ePub format (it looks great on an iPad) and is available on iTunes.