Why Is It Cybersecurity Pros Make It Complicated?

We say things like: DO NOT CLICK ON Phishing emails!!

But then Equifax creates www.experianidentityservice.co.uk ???  or creditexpert.co.uk/login/login

Bsides in London earlier this year had a presentation by Meadow Ellis (@notameadow).

Meadow makes a good point, as we as Cybersecurity professionals ask users to be careful what you click, and then  somebody in the company makes a difficult to read domain name, since the easy ones are taken.

So if a user can at times be duped and then clicks on malware (let’s face it users will  never be 100% accurate) then we must assume that the hackers can go into one of our systems inside the firewall.

So this scenario describes why we need to have zero-trust network architecture, and in a zero-trust network, we assume the bad guys are everywhere, so it requires identity management to be hardened.

Assume that phishing will work eventually in your environment

Here is where tyhe phishing domains are actually coming from(Paloaltonetworks.com post):

You see the problem is all the hosting companies are in the USA  so as I mentioned all the attackers are already in our midst.

Your risk management and Cybersecurity plans need to reflect that.

Your marketing efforts should reflect a simple domain structure that makes sense so that when the phishing people try to scam your customers, they will hopefully see through the bad domains.

As per Isaca presentation: “State of Cybersecurity”  90% of all federal (US) breaches are started with a phishing email.

 

Contact us to discuss your cybersecurity risk management profile.

 

Advertisements

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.