Week2CSIA310Discussion

School: University of Maryland, University College
Course: 310
Subject: Information Systems
Date: Apr 3, 2024
Uploaded by gnomechild666

What is Phishing?

Phishing is a cyberattack in which attackers try to gather personal information such as usernames, passwords, email addresses, and credit card information (Jagatic et al., 2007). They could also be looking for sensitive data like classified documents or trade secrets. Phishing is one of the most common forms of social engineering attacks. The attackers use emails or text messages to pose as legitimate sources such as a bank or the government, and some may even try to pass themselves off as part of the organization they are trying to steal from. These fraudulent emails contain links to fake websites that may appear legitimate. The websites are used to collect confidential information (Jagatic et al., 2007).

What can happen when a successful phishing attack gives outsiders access to company networks and computers?

If an attacker successfully acquires company credentials, they are one step closer to accessing the company's network. Having a malicious actor on the network can lead to many problems. A data breach could leak confidential information or personally identifiable information of employees or clients. If there is no plan in place to quickly revoke unauthorized access, the company could suffer financial loss (Aleroud & Zhou, 2017). The attacker may try to steal funds or extort the company. Unauthorized access to the network also gives attackers an easy way to install malicious software such as malware or ransomware. The compromised systems cause lost productivity and system disruptions.

How can employees avoid "biting" on a "phish?"

The first step in protecting the network is proper training. An employee who can tell a legitimate email or website from a fraudulent one is mitigating risk. This training should also introduce clear security policies. These policies cover how to handle sensitive information and how to respond to a security incident. It is imperative to review and audit these policies regularly. The cybersecurity team is responsible for keeping all software up to date. Anti-phishing tools, such as Barracuda Sentinel or BrandShield, can detect phishing emails and quarantine them before they even reach the intended recipient (Ferrill, 2022).

How should employees report phishing attacks? Why is immediate reporting critical to stopping the attackers?

The company needs to have an established procedure for responding to a cybersecurity attack. A clear plan can save the company precious time and resources. If an employee suspects a phishing attack, they should know immediately who to contact. The faster the team responds, the less damage can be done to the network and its connected systems.

Conclusion and Recommendations

The simplest way to prevent a phishing attack is to avoid it. Anti-phishing software adds a layer of security, but employees can still make mistakes if they are not properly trained. By training employees to recognize fraudulent emails and not click on suspicious links, the risk is mitigated before it ever becomes a problem. Including a robust action plan and concise policies in employee training will ensure that if there is an attack, swift action can be taken with little confusion.

References

Aleroud, A., & Zhou, L. (2017). Phishing environments, techniques, and countermeasures: A survey. Computers & Security, 68(68), 160–196. https://doi.org/10.1016/j.cose.2017.04.006

Ferrill, T. (2022, April 28). 10 top anti-phishing tools and services. CSO Online. https://www.csoonline.com/article/569867/9-top-anti-phishing-tools-and-services.html

Jagatic, T. N., Johnson, N. A., Jakobsson, M., & Menczer, F. (2007). Social phishing. Communications of the ACM, 50(10), 94–100. https://doi.org/10.1145/1290958.1290968

Social Engineering vs Phishing. (n.d.). Check Point Software. https://www.checkpoint.com/cyber-hub/threat-prevention/social-engineering-attacks/social-engineering-vs-phishing/