Please enter the text in the same order as shown in the Image below
Take Courses
Get Certified
Attend Events
Explore Resources

Cybersecurity Month: New Guidance for Tackling Phishing Attacks

October 20, 2023 Leave a comment DRI Admin

As National Cybersecurity Awareness Month continues, a multi-department security team has partnered to issue new guidance for organizations of all sizes on stopping phishing attacks before they do irreparable harm.

“Phishing Guidance: Stopping the Attack Cycle at Phase One” is a cybersecurity information sheet developed by the Cybersecurity and Infrastructure Security Agency (CISA), NSA, the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC). It’s a joint effort to alert organizations to the latest techniques in phishing attacks and defend against them.

Among the latest vulnerabilities cyber attackers are using: work from home. “Cyber threat actors are constantly evolving their techniques and harnessing new technologies to their advantage, including artificial intelligence,” said Eric Chudow, NSA Cybersecurity System Threats & Vulnerability Analysis Subject Matter Expert. “They are also finding it easier to deceive people who have transitioned to hybrid work environments and have fewer-face-to-face interactions.”

The report provides tactics for both the organization’s front-end users and information technology departments, as well as mitigations for software manufacturers that should be incorporated during development. And for organizations that have already identified malware because of phishing, there are also six incident response steps laid out:

  1. Re-provisioning compromised user accounts to deny further access
  2. Auditing account access
  3. Isolating affected workstations
  4. Analyzing the malware
  5. Eradicating the malware
  6. Restoring systems to normal operations

While the guidance is meant for all organizations, the sheet also includes recommendations for small- and medium-sized businesses with fewer resources available, including:

  • Setting up annual phishing awareness training
  • Identifying network phishing vulnerabilities
  • Enabling multi-factor authentication (MFA)
  • Implementing strong password policies, and
  • Setting up automatic software updates.

Click here to read the full report.

1115 Broadway
12th Floor
New York, NY 10010

London Office
Tallis House
2 Tallis Street
London, EC4Y 0AB

©2023 DRI International, Inc. All Rights Reserved.