As a person who currently focuses on security awareness, I find it frustrating to hear about or witness successful phishing attacks. What is more frustrating is listening to security professionals blame users for falling for a phishing message instead of looking at themselves.
While there are admittedly some very stupid users out there, a phishing attempt has to pass through the technologies the security professionals implemented before it can reach the user, and successful phishing attacks take advantage of those technologies.
You have to consider that for a user to click on a phishing message, it must first get to them. That means that systems connected to the internet facilitate the creation and distribution of the message. Your own network has to receive the message and then deliver it to the user. Then, assuming the user reacts to the message, the system can be configured to challenge the user, asking whether he or she really wants to complete a potentially harmful action.
Assuming the user chooses to override the warning and take action, the system can still prevent it. For example, regular users should not be given the administrative rights to install software, which could very likely be ransomware, on company-owned and maintained systems. Of course, given the right tools, the network can also detect and react to potentially harmful activity.
While phishing does rely upon a user taking an action, that action is just one failure point among many, with most of those failures being technologically based.
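The chain of failure points described above can be made concrete. The following is an added example, not code from the original post or from the author: it models each stage (mail gateway, internal delivery, user challenge, endpoint policy) as a control that can stop a message, and runs two constructed sample messages through the chain. The stage order, the trusted domain `example.com`, the blocked attachment extensions and the header checks are assumptions chosen for illustration; the point it shows is that the attack only succeeds when every stage fails, and that disabling any one control merely moves the stop to the next one.

```python
"""Added example: a model of the phishing kill chain with one control per stage.
All policy values and sample messages below are constructed assumptions."""
import re
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"example.com"}  # assumption: the organisation's own mail domain
BLOCKED_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta"}  # assumption: endpoint policy
IMPERSONATED_ROLES = re.compile(r"help ?desk|it support|payroll|ceo\b", re.I)


def gateway_filter(msg):
    """Stage 1, mail gateway: reject mail whose sender authentication failed."""
    auth = msg.get("Authentication-Results", "")
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    if results.get("dmarc") == "fail" or results.get("spf") == "fail":
        return f"gateway: sender authentication failed ({auth})"
    return None


def delivery_filter(msg):
    """Stage 2, internal delivery: flag external senders impersonating internal roles."""
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower()
    if domain not in TRUSTED_DOMAINS and IMPERSONATED_ROLES.search(name):
        return f"delivery: external sender impersonating internal role '{name}'"
    return None


def user_challenge(msg):
    """Stage 3, client warning: links to hosts outside trusted domains prompt the user."""
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part is not None else ""
    for url in re.findall(r"https?://\S+", body):
        host = (urlparse(url).hostname or "").lower()
        if not any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
            return f"user challenge: link to untrusted host {host}"
    return None


def endpoint_policy(msg):
    """Stage 4, endpoint: without admin rights, executable attachments cannot be installed."""
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if any(name.endswith(ext) for ext in BLOCKED_EXTENSIONS):
            return f"endpoint: executable attachment {name} blocked for non-admin user"
    return None


STAGES = [gateway_filter, delivery_filter, user_challenge, endpoint_policy]


def run_kill_chain(msg, disabled=()):
    """Run the message through every enabled stage.

    Returns (stage_name, reason) for the first stage that stops the message,
    or (None, reason) if no control fired. 'disabled' names controls that were
    never implemented, which is how a single user click ends up deciding the outcome.
    """
    for stage in STAGES:
        if stage.__name__ in disabled:
            continue
        reason = stage(msg)
        if reason:
            return stage.__name__, reason
    return None, "delivered: no control stopped the message"


def build_phish():
    """Constructed sample: external sender posing as the helpdesk, failing DMARC,
    with an external credential-reset link and a dummy .exe attachment."""
    msg = EmailMessage()
    msg["From"] = '"IT Helpdesk" <helpdesk@corp-mail-example.invalid>'
    msg["To"] = "alice@example.com"
    msg["Subject"] = "Password expiring today"
    msg["Authentication-Results"] = (
        "mx.example.com; spf=fail smtp.mailfrom=corp-mail-example.invalid; dkim=none; dmarc=fail"
    )
    msg.set_content("Your password expires today. Reset it at http://login-example.invalid/reset")
    msg.add_attachment(b"MZ\x90\x00 (dummy bytes, not a program)", maintype="application",
                       subtype="octet-stream", filename="Reset_Tool.exe")
    return msg


def build_legit():
    """Constructed sample: internal sender, passing authentication, internal link, no attachment."""
    msg = EmailMessage()
    msg["From"] = '"Bob Smith" <bob@example.com>'
    msg["To"] = "alice@example.com"
    msg["Subject"] = "Updated travel policy"
    msg["Authentication-Results"] = "mx.example.com; spf=pass; dkim=pass; dmarc=pass"
    msg.set_content("The new policy is at https://intranet.example.com/policies/travel")
    return msg


if __name__ == "__main__":
    phish, legit = build_phish(), build_legit()
    print("legit  :", run_kill_chain(legit))
    off = []
    for stage in STAGES:  # remove one control at a time and watch the stop point move
        print("phish  :", run_kill_chain(phish, disabled=off))
        off.append(stage.__name__)
    print("phish  :", run_kill_chain(phish, disabled=off))  # every control missing
```

Running it shows the legitimate mail passing every stage untouched, while the sample phish is stopped at the gateway; each control removed pushes the stop one stage later, and only with all four missing does the message reach the user intact, which is the situation the post describes as the network's failure rather than the user's.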
Fundamentally, if a single user action destroys your network, your network sucks. This is the focus of “The Phishing Kill Chain,” the presentation I will deliver at InfoSec World 2017. We will discuss the true definition of a “kill chain,” the phases of a phishing attack and the respective kill chain, as well as how to holistically implement the concept to prevent successful phishing attacks in your organization.
About the author: Ira Winkler is President of Secure Mentem and co-host of The Irari Report. He performs espionage simulations against some of the largest companies in the world and investigates crimes against them, telling them how to cost-effectively protect their information and computer infrastructure. Ira will present The Phishing Kill Chain at InfoSec World 2017, using content derived from his new book, Advanced Persistent Security.