Dissection of a Phishing Attack, Part 2
    
by Scott Lewis
What should you do to prepare for a security breach, whether it comes from a phishing attack or some other form of system breach? The basic rule of thumb is that it is much cheaper to prepare for a breach than to react to one or clean up after one. According to a 2019 Gillware report, industry experts predict that cybercrime will be a $6 trillion business by 2021 and that companies will spend more than $1 trillion on countermeasures to protect themselves. Where should you focus your attention when preparing for a security breach? According to Gillware, here are some primary areas to consider:
- Consider compliance. Just about every industry has federal and state compliance measures to consider, such as the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA), to name a couple. GDPR is starting to catch many American-based companies by surprise because it is already in effect. It affects any company that processes individual data of European Union citizens, even if that citizen lives in the United States.
- Create an incident response plan. The incident response plan should outline how your company is going to respond in the event a breach is suspected or confirmed. The plan should describe the roles and responsibilities of senior executives, who are going to be the point people for coordination and information dissemination. Who is going to talk to the press if that is required? Who is going to be responsible for the collection or remediation processes and damage control? Your response plan could also outline who will carry out those remediation and confirmation steps and how they will be implemented.
- Use blockchain and artificial intelligence. The speed at which emerging threats are identified is increasing daily, and the countermeasures put in place are becoming more and more critical. When it comes to security, one thing to consider is not making yourself the most natural target on the block. You do this by keeping your security devices and software up to date.
Practicing good policies and employee training is vital. Given the methods scammers now use to gain access, using artificial intelligence to look for patterns and analyze risks is becoming increasingly critical to overcoming these emerging threats. The Bandura Advanced Threat Assessment appliance is one example of a product that uses AI to bolster your security.
- Protect your email system. Your email system continues to be the favorite spot for phishing attacks and other viruses such as crypto and ransomware, along with a multitude of other malware and viruses. Office 365 E5 plan users can take advantage of the anti-phishing features in the Security and Compliance center within the Office 365 portal. There are instructions in the user portal on how to configure them for your application. In-house systems have many tools to choose from; companies like Symantec, Barracuda, and many others offer advanced phishing detection and prevention features. Remember, no single device will protect you. Security is a layered approach with several nets to trap the many threats that are out there. Don't put all your eggs in one basket. Think big and broad when it comes to securing your email.
- Stop data breaches before they start. This starts with having good employee policies, ongoing training for employees, and testing of employees to identify those who may be more susceptible to phishing and security attempts. Be proactive in keeping your systems up to date. Don't have outdated hardware or software. Owners have to have the fortitude to enforce the policies consistently across the entire organization.
Here are some other interesting historical facts about phishing, according to the IT Governance Institute:
- The lifecycle of a phishing site on average is under 15 hours. The lifecycle of phishing sites continues to shrink due to prevention and detection methods, so scammers need to increase the volume of phishing attempts in order to penetrate new detection and artificial intelligence protocols.
- Almost all phishing URLs are within benign domains. Phishing scammers no longer use static web pages, primarily because they are easy to detect and block. Now, hackers prefer to take a single page of a benign site and merely replace that page with a phishing page. These are much harder to detect due to their legitimate appearance, resulting in more phishing emails getting through. So, if your company is on a blacklist, one thing you might do is make sure that your website has not been compromised and turned into a phishing site.
- An average of over 400,000 phishing sites are detected each month. Because better countermeasures have shortened the lifecycle of phishing sites, the number of phishing sites has ballooned to an incredible new level. The number of new phishing sites is expected to continue to grow.
- Google, PayPal, Yahoo, and Apple are the most impersonated companies. In most cases, for a phishing scam to be successful, there must be brand recognition. So some of the largest and most recognizable companies are often used to exploit the human condition of familiarity to get responses from potential victims.
To be continued next month…
Scott Lewis is the President and CEO of Winning Technologies Group of Companies, which includes Liberty One Software. Scott has more than 35 years of experience in the technology industry and is a nationally recognized speaker and author on technology subjects. Scott has worked with hundreds of large and small businesses to empower them to use technology to improve work processes, increase productivity, and reduce costs. Scott has designed thousands of systems for large, medium and small companies, and Winning Technologies' goal is to work with companies on the selection, implementation, management, and support of technology resources. Learn more about Winning Technologies at www.winningtech.com or call 877-379-8279.