Federal Information Systems Security Education Association: Spear Phishing (PowerPoint PPT Presentation)

SLIDE 1

Federal Information Systems Security Education Association

Spear Phishing

SLIDE 2

Secure Solutions from Security Professionals

For Official Use Only

Agenda

• Definition of spear phishing
• Why is spear phishing so valuable to attackers
• Spear phishing defenses / countermeasures
• Training concepts and delivery

SLIDE 3

Spear Phishing, What is it?

• A type of phishing attack
• Uses email messages to trick users into clicking a link, downloading a file, entering data, etc.
• Malware may be downloaded / executed to hijack the user's computer
• May appear to come from a trusted source (e.g., colleague, supervisor, employer, vendor, etc.)
• More targeted than phishing, not random
• The attacker is targeting you and your organization's data

SLIDE 4

Spear Phishing, Why?

• Bypasses many network perimeter security controls by targeting the human
• Provides access to the user's computer and thereby the organization's internal network and data
• Often made easier by information about users that is available online (e.g., social media), which facilitates the attack

SLIDE 5

Spear Phishing, Defenses

• System / network IT security controls
  • Spam filters
  • Antivirus
  • Content filtering
  • Digital signatures
• User / personnel training

SLIDE 6

Spear Phishing, Training

• Training concepts
  • Social media
  • Knowing which emails to trust / validating the source
  • Don't click URLs or download files from emails
  • Pay attention to the grammar, greeting, look and feel of the email to identify suspicious emails
  • Confirm via telephone call; report suspicious emails
• Training delivery methods
  • Part of user awareness/onboarding and annual security awareness training (e.g., web based)
  • Online exercises
  • Commercial services to perform testing; these provide user training (e.g., "this was a test") and metrics
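As an added example that is not part of the presentation, the following Python screening function applies the training concepts above (validate the source, don't click URLs, don't download files, check the greeting) to a raw email message. The contact directory, the risky-extension list and the sample message are constructed assumptions.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

KNOWN_CONTACTS = {"jane smith": "jane.smith@example.gov"}  # assumed directory
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".docm", ".xlsm")
GENERIC_GREETINGS = ("dear user", "dear customer", "dear colleague")
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
TAG_RE = re.compile(r"<[^>]+>")
SAMPLE = b"""From: Jane Smith <jane.smith@outside-mailbox.invalid>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<p>Dear colleague,</p><p>Review <a href="http://intranet.example.gov.login-portal.invalid/">https://intranet.example.gov/</a> today.</p>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="policy.docm"

constructed-placeholder-bytes
--b1--
"""  # constructed sample message, not a real capture

# Hostname of a URL; link text is often written without a scheme.
_host = lambda u: (urlparse(u if "://" in u else "http://" + u).hostname or "").lower()

def spear_phish_indicators(raw: bytes) -> list[str]:
    # Returns the deck's red flags found in one message; an empty list means none.
    msg = email.message_from_bytes(raw, policy=policy.default)
    flags = []
    name, addr = parseaddr(msg.get("From", ""))
    # Trusted-source spoofing: a known colleague's name on a foreign address.
    expected = KNOWN_CONTACTS.get(name.strip().lower())
    if expected and addr.lower() != expected:
        flags.append(f"display name '{name}' does not match directory entry")
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    if TAG_RE.sub(" ", html).strip().lower().startswith(GENERIC_GREETINGS):
        flags.append("generic greeting")  # the greeting / look-and-feel check
    # "Don't click URLs": link text shows one host, the href points elsewhere.
    for href, anchor in LINK_RE.findall(html):
        shown = TAG_RE.sub("", anchor).strip()
        if "." in shown and _host(shown) != _host(href):
            flags.append(f"link text {shown} hides destination {_host(href)}")
    # "Don't download files": attachment types that can run code.
    for part in msg.iter_attachments():
        filename = (part.get_filename() or "").lower()
        if filename.endswith(RISKY_EXTENSIONS):
            flags.append(f"risky attachment {filename}")
    return flags
```

Running `spear_phish_indicators(SAMPLE)` reports all four red flags for the constructed message; a message that raises any of them is a candidate for the telephone confirmation and reporting step above.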

SLIDE 7

Conclusion

• Spear phishing is real and has led to numerous compromises
• Commonly used vector: bypasses perimeter defenses and gives access to internal networks and data
• Training the user is essential!

SLIDE 8

Questions