[Technology] Security Think Tank: Combine technology and communication to combat phishing ris

很绝美很感慨 posted on 2016-10-7 00:52:24

   At a recent Black Hat conference in the US, nearly half the delegates who were polled about phishing scams said they were not confident their company’s executives could spot one. So, dear reader, how confident are you that your senior managers could spot a phishing scam?
  There are a number of technologies available to help deal with email-borne scams. It’s fair to say none of them is 100% effective and some scam emails will get through. This puts a reliance on the email recipient to handle the scam email in the most appropriate way, and this is where training and education for the user come in. So what are the most effective techniques today?
  Businesses with their own email server or system can heavily reduce the volume of scam or phishing emails getting through to user inboxes by using an email scanning system, typically placed in front of an email server. This could be a cloud-based service, such as Message Labs, AVG Cloud Care or Symantec Email Security.cloud, or an in-house system, such as Mail Scanner, Sophos XG Firewall or GFI Mail Essential.
  Our experience is that some of the cloud-based services do let through some spam emails that would typically be caught by an on-site engine. For many organisations, a cloud-based service is a good first choice for technical control, as it does not rely on the organisation having to maintain the system. Some cloud-based services can be configured to allow individual user access to review and control any quarantined emails against their own email address – for example, delete, release or block – and thus the pressure on in-house support staff is reduced.
  Individuals and businesses that buy their email service from a second or third party – for example, their internet service provider, Microsoft 365, Google and other internet-based hosting companies – should look to ensure the email service is supplied with comprehensive email protection such as spam or phishing protection, or antivirus software.
  The value of PC-based email protection is questionable. It may well provide a long stop, but the antivirus product running on the PC should provide protection without needing to be integrated with the email product. Microsoft discussed this back in 2008 in relation to Outlook Express.
  On spam detection, PC-based products are useful where there is no front-end protection, such as at ISP level, but they rely on being fully maintained and up to date, and typically won’t be as good as a cloud-based service. However, many of the products available for the PC provide a complete suite of facilities, including antivirus, URL checking and spam filtering, and are still a valuable additional technical control.
  With the technical controls in place, you need to train and educate users on spotting emails with malicious intent, as well as knowing what to do should something go wrong. Remember that such an exercise is not a one-off. It must be supported and reinforced on an ongoing basis.
  The message in any training and education is that failure will typically lead to potentially significant financial loss. In early 2016, our company helped a mid-sized company, with about £3m in turnover, that was hit with ransomware. In this case, an email from an unknown supplier with a PDF invoice was opened. It took two days and approximately 60 resource hours to fully recover the IT and data. The overall cost ran into thousands of pounds.
  The message of not opening emails from unknown sources, or unexpected emails or attachments, is key, but those messages must be reinforced by identifying the potential for financial loss or potential PR disaster. These are messages that senior managers and board directors can understand, because they generally won’t understand technical gobbledygook.
  Peter Wenham is a committee member of the BCS Security Forum strategic panel and director of information assurance consultancy Trusted Management.

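ckqvr posted on 2016-10-7 00:59:40
First grabbed the oranges, then robbed the bank, and now I'm here to grab the first-reply spot!

い明 媚 posted on 2016-10-7 01:00:03
Taking a spot to show support.

alvin285 posted on 2016-10-7 01:00:44
Been following all along.

美麗的邂逅∮ posted on 2016-10-7 01:14:55
I'm just here to have a look; there are still too many threads in this world that need me. I hope the original poster gets an answer soon.

廖晶 posted on 2016-10-7 01:16:53
OP, think of a way to make our thread take off...

mumuworld posted on 2016-10-7 04:09:30
The OP has ascended to immortality; if you need anything, draw a fortune stick!

263262 posted on 2016-10-7 12:08:03
The OP's post isn't great, but I'll grudgingly leave a reply.

jt5d posted on 2016-10-12 20:34:33
Never give a friend who has betrayed you a second chance to betray you.

865569680 posted on 2016-11-11 08:00:24
Sleep is an art: no one can stop me in my pursuit of art!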
