Question

Q3) What is Phishing? What are the three types of phishing discussed in the activity?

Q4) What is a Data Breach? Mention three biggest data breaches of all time. (Hint: CyberStory – Data Breach)

Q5) What should companies do to protect your data from Data breaches? (Hint: CyberStory – Data Breach

Answer 1

3)

Phishing is a form of fraud in which an attacker masquerades as a reputable entity or person in email or other communication channels. The attacker uses phishing emails to distribute malicious links or attachments that can perform a variety of functions, including the extraction of login credentials or account information from victims.

Types of phishing attacks

• Deceptive phishing

Deceptive phishing is the most common type of phishing. In this case, an attacker attempts to obtain confidential information from the victims. Attackers use the information to steal money or to launch other attacks. A fake email from a bank asking you to click a link and verify your account details is an example of deceptive phishing.

• Spear phishing

Spear phishing targets specific individuals instead of a wide group of people. Attackers often research their victims on social media and other sites. That way, they can customize their communications and appear more authentic. Spear phishing is often the first step used to penetrate a company’s defenses and carry out a targeted attack.

• Whaling

When attackers go after a “big fish” like a CEO, it’s called whaling. These attackers often spend considerable time profiling the target to find the opportune moment and means of stealing login credentials. Whaling is of particular concern because high-level executives are able to access a great deal of company information.

• Pharming

Similar to phishing, pharming sends users to a fraudulent website that appears to be legitimate. However, in this case, victims do not even have to click a malicious link to be taken to the bogus site. Attackers can infect either the user’s computer or the website’s DNS server and redirect the user to a fake site even if the correct URL is typed in.

4)

A data breach is a confirmed incident in which sensitive, confidential or otherwise protected data has been accessed and/or disclosed in an unauthorized fashion. Data breaches may involve personal health information (PHI), personally identifiable information (PII), trade secrets or intellectual property.

Company	Accounts Hacked	Date of Hack
Yahoo	3 billion	Aug. 2013
Marriott	500 million	2014-2018
Yahoo	500 million	Late 2014

5)

1. Fully discover your attack surface—everything that touches your network, and every way it might get attacked

Organizations must uncover all internal, cloud, and third-party IT assets that touch their network and could act as an entry point for cybercriminals. This includes servers, applications, managed IT infrastructure, and cloud assets, but also BYOD, Internet of Things (IoT) devices, industrial control systems (ICS), and third-party assets from other business partners, the report noted. Businesses should also be aware of the more than 250 attack vectors, including phishing and malware, that could lead to an attack.

2. Understand your overall cyber-risk and the specific business risk of each asset if it were breached

The majority of organizations (60%) have not incorporated cyber risk into their vulnerability management program, the report found. Adding the ability to assess the cyber risk of every asset touching your network can help determine the total cyber risk of your enterprise, and ways to assess and improve your cybersecurity posture.

3. Use risk-based analysis to prioritize which fixes SecOps and IT teams should work on, postpone, and ignore

Since the majority of organizations reported a gap between the number of security alerts received and the resources available to work through them, understanding your device and cyber risks can help prioritize what issues to fix in what order, including unpatched software, password issues, and misconfigurations.

4. Make SecOps and IT more productive by automating the discovery of asset inventory and vulnerabilities, as well as the creation of prioritized fixes and resulting tickets

Some organizations are turning to automated tools to help close cybersecurity gaps. Automation capabilities are increasingly included in cybersecurity solutions, and have created new market categories like security orchestration, automation and response (SOAR), the report noted. When seeking out new cybersecurity tools with automation, businesses should assess how the tools actually use artificial intelligence (AI) and machine learning to work, the report recommended.