Keep valuable data safe from even the most sophisticated social engineering and phishing attacks
Fighting Phishing: Everything You Can Do to Fight Social Engineering and Phishing serves as the ideal defense against phishing for any reader, from large organizations to individuals. Unlike most anti-phishing books, which focus on only one or two strategies, this book discusses all the policies, education, and technical strategies that are essential to a complete phishing defense. It gives clear instructions for deploying a defense-in-depth strategy to defeat attackers and malware. Written by the lead data-driven defense evangelist at the world's number one anti-phishing company, KnowBe4, Inc., this guide shows you how to create an enduring, integrated cybersecurity culture.
Learn what social engineering and phishing are, why they are so dangerous to your cybersecurity, and how to defend against them.
Educate yourself and other users on how to identify and avoid phishing scams, to stop attacks before they begin.
Discover the latest tools and strategies for locking down data when phishing has taken place, and stop breaches from spreading.
Develop technology and security policies that protect your organization against the most common types of social engineering and phishing.
Anyone looking to defend themselves or their organization from phishing will appreciate the uncommonly comprehensive approach in Fighting Phishing.
This is a great guide to building or improving our company security awareness, especially as I see certain users having issues with the recently mandated addition of MFA to our Microsoft 365 user logins.
Much of the encryption used today is based on the Advanced Encryption Standard (AES), selected by the National Institute of Standards and Technology (NIST) as the U.S. federal government standard. Besides being royalty-free to implement, it is extremely hard to break. After more than 20 years in production, AES has resisted every practical attack on the cipher itself. It is not immune to brute force, but brute force against AES takes time, a great deal of time: exhausting the 2^128 possible 128-bit keys, even with an array of supercomputers running in parallel, would take on the order of billions of years or more. AES-256 has 2^128 times as many keys again, so even with every computer in AWS working on the problem the effort scales far beyond any meaningful timespan, and that is for a single key. No one, therefore, is chaining supercomputers together to break AES keys. Parenthetically, anyone with that much computing power would find it more profitable to mine Bitcoin.

Attackers who don't want to wait billions of years have found something far easier and infinitely more cost-effective: phishing. Phishing is sending messages that claim to come from a legitimate source in order to induce the recipient to reveal credentials or payment-card numbers, open malware, or approve a fraudulent payment. Phishing is prevalent because tens of millions of emails can be sent for a pittance, and even messages riddled with grammar and spelling mistakes still find victims. Any organization without formal policies and processes to deal with phishing is placing itself at significant risk. In Fighting Phishing: Everything You Can Do to Fight Social Engineering and Phishing (Wiley), author Roger Grimes has written a practical and valuable guide on how to do exactly that. Phishing and wrong-number text scams are brilliantly simple but highly effective attack vectors.
In this very practical and actionable guide, Grimes details in depth what firms need to do to have a fighting chance against phishing attacks. Contrary to popular belief, wrong-number text scams and phishing attacks are not run by rogue hackers from their college dorms. Criminal gangs, some of them nation-state supported, operate well-organized and well-managed businesses to launch these often sophisticated attacks. Unless a firm has a comprehensive set of policies, awareness programs, and technical strategies to mount a defense against phishing, it will invariably become a victim. Part 1 of the book is Introduction to Social Engineering Security, followed by Parts 2 to 4 on Policies, Technical Defenses, and Creating a Great Security Awareness Program. In truth, only Part 1 is specifically about phishing; the rest of the book applies to effective information security practice in general. The lesson is that a good phishing defense has to be built on a foundation of effective information security controls. An important topic the book covers is what to do in the event of a successful phishing attack. Given the sophistication of many cybercriminal gangs, combined with the ineffective security programs at many firms, knowing how to respond when a phish succeeds is paramount. Truth be told, most firms without effective anti-phishing controls will also have no idea what to do after a successful phishing attack, so they are doubly punished. Since phishing is a message-based attack, controls at the message layer are paramount. Part 3 on technical defenses provides a detailed look at what firms can and should put in place to defend against phishing. Email authentication protocols such as Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting and Conformance (DMARC), and more, are discussed in depth.
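To make concrete how SPF, DKIM, and DMARC fit together, here is an added example (not code from the book or the review) that evaluates a constructed SPF record against a sending IP and then applies DMARC alignment to decide what happens to a spoofed message. The DNS records, domains (example.com, attacker.example, examp1e.com) and IP addresses are all constructed sample data, nothing is looked up; `org_domain` uses a "last two labels" simplification in place of the Public Suffix List, and `spf_check` handles only ip4:/ip6:/all mechanisms, both deliberate simplifications of the RFCs.

```python
"""Added example: offline SPF evaluation plus DMARC alignment and disposition.

Constructed sample records (no DNS lookups are performed):
"""
import ipaddress

SPF_RECORD = "v=spf1 ip4:203.0.113.0/24 ip6:2001:db8::/32 -all"
DMARC_RECORD = "v=DMARC1; p=reject; adkim=r; aspf=r; rua=mailto:dmarc@example.com"

_QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(record, client_ip):
    """Evaluate an SPF record against the connecting IP address.

    Simplification: only ip4:/ip6:/all mechanisms are evaluated. include:, a,
    mx, exists: and redirect= need DNS and are treated as non-matching here.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in _QUALIFIER:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech in ("ip4", "ip6"):
            try:
                # 'in' is False when the address and network families differ
                if ip in ipaddress.ip_network(arg, strict=False):
                    return _QUALIFIER[qualifier]
            except ValueError:
                return "permerror"
        elif mech == "all":
            return _QUALIFIER[qualifier]
    return "neutral"


def parse_dmarc(record):
    """Parse a DMARC TXT record into its tags; None if it is not a usable record."""
    tags = {}
    for item in record.split(";"):
        if "=" in item:
            key, value = item.split("=", 1)
            tags[key.strip()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        return None
    tags.setdefault("adkim", "r")  # relaxed alignment is the default
    tags.setdefault("aspf", "r")
    return tags


def org_domain(domain):
    """Organizational domain. Simplification: last two labels, not the Public Suffix List."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain, auth_domain, mode):
    """Identifier alignment: strict (exact match) or relaxed (same organizational domain)."""
    if mode == "s":
        return from_domain.lower().rstrip(".") == auth_domain.lower().rstrip(".")
    return org_domain(from_domain) == org_domain(auth_domain)


def dmarc_evaluate(record, from_domain, spf_result="none", spf_domain=None, dkim_domains=()):
    """Apply a DMARC policy to one message and return (dmarc_result, disposition).

    from_domain: domain of the RFC5322.From header, the address the user sees.
    spf_result/spf_domain: SPF outcome and the MAIL FROM domain it was checked for.
    dkim_domains: d= values of DKIM signatures that verified.
    """
    tags = parse_dmarc(record) if record else None
    if tags is None:
        return ("none", "none")  # no policy published: nothing to enforce
    spf_aligned = (spf_result == "pass" and spf_domain is not None
                   and aligned(from_domain, spf_domain, tags["aspf"]))
    dkim_aligned = any(aligned(from_domain, d, tags["adkim"]) for d in dkim_domains)
    if spf_aligned or dkim_aligned:
        return ("pass", "none")
    return ("fail", tags["p"])


def classify_message(dmarc_record, from_domain, client_ip, spf_record, mail_from_domain, dkim_domains=()):
    """Run SPF for the sending IP, then DMARC for the visible From domain."""
    spf = spf_check(spf_record, client_ip)
    return dmarc_evaluate(dmarc_record, from_domain, spf, mail_from_domain, dkim_domains)


if __name__ == "__main__":
    # Legitimate mail from the listed range: SPF pass, aligned, accepted.
    print(classify_message(DMARC_RECORD, "example.com", "203.0.113.10", SPF_RECORD, "example.com"))
    # Spoofed From: example.com sent from an unlisted IP with no DKIM: rejected.
    print(classify_message(DMARC_RECORD, "example.com", "198.51.100.7", SPF_RECORD, "example.com"))
    # Attacker's own MAIL FROM passes SPF but is not aligned with the From header.
    print(classify_message(DMARC_RECORD, "example.com", "198.51.100.7",
                           "v=spf1 ip4:198.51.100.0/24 -all", "attacker.example"))
    # Lookalike domain with no DMARC record: DMARC has nothing to say.
    print(classify_message(None, "examp1e.com", "198.51.100.7", "v=spf1 -all", "examp1e.com"))
```

The last two scenarios are the practitioner's caveat: an attacker who controls their own domain can pass SPF and DKIM for it, and only DMARC's alignment requirement ties those results back to the From header the user sees; and none of the three protocols helps at all against a lookalike domain the attacker registers, which is why the book's policy and awareness parts are not optional.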
There’s no shortage of security tools firms can use to defend against phishing. The critical point is that defending requires proactive security. Don’t wait for a successful phishing attack to put those defenses in place. By then, it’s far too late.
The Ponemon Institute reported in its 2021 Cost of Phishing study that the average cost of a business email compromise attack was close to $6 million. The cost of this book is $28. You do the math. Any firm that does not have a defined program to deal with threats such as phishing, email invoice fraud, and the like will invariably fall victim to these attacks. For those looking to have a fighting chance against these scourges and more, Fighting Phishing is an excellent guide.