Subscribe
  • Home
  • /
  • Security
  • /
  • Phishing remains the most successful attack vector

Phishing remains the most successful attack vector

Kirsten Doyle
By Kirsten Doyle, ITWeb contributor.
Johannesburg, 30 Mar 2017

ITWeb Security Summit 2017

Registration is already open for the 2017 Security Summit, five international plenary speakers, #SS17HACK launch, five training courses to choose from, and much more. For the complete agenda, click here.

The danger of the insider threat has been widely publicised. Although external threats like cybercriminals or hackers are an continuous worry for businesses of all types and sizes, malicious insider attacks that can have catastrophic consequences, and cause major damage.

The majority of major data breaches that have flooded the headlines in the past few years have been mostly carried out by outsiders, and have cost businesses millions of rands. These threats have seen businesses ramping up their security controls, with the implementation of traditional security tools.

However, threats that come from the inside are far harder to prevent, and incredibly difficult to detect using today's usual security measures. After all, these individuals have legitimate access to the company's information and valid credentials.

Web sites and employees are seen as a target of opportunity by cyber criminals, says Jayson Street, infosec ranger at Pwnie Express, who will be presenting on 'An attacker's view of your Web site and employees, and how he/she uses them against you,' at the ITWeb Security Summit 2017, to be held at Vodacom World in Midrand, from 15 to 19 May.

Jayson Street, infosec ranger at Pwnie Express
Jayson Street, infosec ranger at Pwnie Express

He adds that information businesses give away freely to attract customers is the same information that criminals will use to compromise them. In terms of social engineering, Street says phishing is by far and foremost the most popular and successful attack vector., and businesses are a particularly worthwhile target.

"I personally think just walking in and compromising a corporation works well too. Attackers will mine social media and create fake Web sites to create opportunities for compromise."

Delegates attending Street's talk will walk away with actual easy to implement defences that they can incorporate into their existing infrastructure.

Share