That Time I Clicked on a Phish
As a security leader for the past 17 years, I expect myself to be exemplary on the topic of recognizing phishing scams, and I have tried to model this for others. Still, there have been a couple of occasions where even I started to "take the bait." In both cases, these were mass mailings and not company-targeted phishes – one related to a desktop upgrade that our company happened to be undergoing at the same time. In each of these cases, I was instructed to click a link to carry out some “company requested” task. After doing so, I examined the next page, which didn’t look quite right. Then I realized I'd been duped. However, no harm was done as I didn't complete the forms that were attempting to steal my login credentials or other important information. For a security leader, both of these felt a little bit like a "near-death" experience, complete with an adrenalin rush and the realization that I had almost fallen for a ruse with potentially dire consequences. I was close to being “that guy.”
Internal controls are great. But.
Thankfully, my company had a comprehensive defense-in-depth for all its endpoints, including anti-virus, advanced anti-malware, network-based phishing message filtering and URL protection, and network and desktop firewalls and IPS. However, even with such a collection of defenses, I never assume that IT security can protect me from myself 100% of the time, and neither should anyone else. The first and last best defense is the human who is examining every single incoming message, thoughtfully (I hope) considering its source, subject line, directed action, and then making a good decision about it.
Telling the difference
The experiences I mentioned gave me first-hand insight that good phishing scams can be difficult to discern. As attackers become more and more sophisticated (poor English notwithstanding), determining what is genuine and what is fake is getting more and more difficult, even for conscientious, trained “experts.”
With email overload still occurring (even with team tools), especially after any time away from the office, the ability to take precious time to examine an email is sometimes falling by the wayside. A refresher is never a bad idea, and with more than two-thirds of advanced cyber attacks beginning with phishing, it’s a great idea to mentally go through a quick checklist to help even the most experienced among us avoid being duped.
It’s like real money and great fakes
Here’s another perspective. Early in my career, I was in the banking industry and became familiar with the methods used to help tellers distinguish genuine currency from counterfeit. Banks trained their tellers on all of the obvious and subtle characteristics of real currency. The thought was that when they encountered a counterfeit bill, the teller would spot it because something doesn’t “feel right” or “look right.” This approach could also be used for spotting phishing messages: when you’re familiar with legitimate communications in your organization, phishing messages aren’t going to look right. Often, that’s your only clue: something is “just off.”
While spotting ruses is getting more difficult, taking just a little more time to examine an email for red flags can make the difference between a big issue and avoiding it entirely.