Cybersecurity Month: New Guidance for Tackling Phishing Attacks
DRI Admin
As National Cybersecurity Awareness Month continues, a multi-department security team has partnered to issue new guidance for organizations of all sizes on stopping phishing attacks before they do irreparable harm.
“Phishing Guidance: Stopping the Attack Cycle at Phase One” is a cybersecurity information sheet developed by the Cybersecurity and Infrastructure Security Agency (CISA), NSA, the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC). It’s a joint effort to alert organizations to the latest techniques in phishing attacks and help them defend against those attacks.
Among the latest vulnerabilities cyber attackers are using: work from home. “Cyber threat actors are constantly evolving their techniques and harnessing new technologies to their advantage, including artificial intelligence,” said Eric Chudow, NSA Cybersecurity System Threats & Vulnerability Analysis Subject Matter Expert. “They are also finding it easier to deceive people who have transitioned to hybrid work environments and have fewer face-to-face interactions.”
The report provides tactics for both the organization’s front-end users and information technology departments, as well as mitigations for software manufacturers that should be incorporated during development. And for organizations that have already identified malware because of phishing, there are also six incident response steps laid out:
Re-provisioning compromised user accounts to deny further access
Auditing account access
Isolating affected workstations
Analyzing the malware
Eradicating the malware
Restoring systems to normal operations
While the guidance is meant for all organizations, the sheet also includes recommendations for small- and medium-sized businesses with fewer resources available, including: