ANTI PHISHING FOR IT

Course Content

  • Objectives:
    1. Build a Security-Minded Culture – Security awareness training contributes to a purposeful approach to creating a company culture that values secure practices. Training, when coupled with rewards and recognition, provides employees with the information and the motivation to keep the company safe.
    2. Instill Best Practices – Employees are usually well-intentioned, but often don’t know the best security practices for certain situations. Training gives them standards and sets expectations for what they should do, for example when selecting strong passwords or preventing an unauthorized visitor from entering the office.
    3. Avoid Costly Breaches and Downtime – Effective security awareness training keeps employees from making mistakes that take time and money to fix. Data breaches can result in costly fines, irreparable reputational damage and lost business. In addition, any security issue has to be addressed by IT resources whose time is expensive.
  • Identifying the threat and its sources
    1. What is a Phishing attack? Types of Phishing attacks
    2. Why Criminals Use Phishing
    3. How to protect yourself from Phishing
    4. Simulating an Attack to create a powerful awareness training module
      Use:
    5. Social Engineering component of Phishing
  • Defense Mechanisms against Phishing Attacks
    1. How to: Avoid getting Hooked
    2. Summary of Red Flags
    3. How to report Phishing Emails
    4. What to do when accidentally hooked
    5. Learning about DMARC and SPF
      Use:
      • Demarcian - Demarcian.com
  • Spearphishing - Protect your company from being Spearphished
    1. How SpearPhishing is successful and how it works
    2. How to stop SpearPhishing
    3. How DMARC can be used to prevent SpearPhishing
  • Mitigation Techniques
    1. Pharming and DNS Poisoning Attacks
    2. DNS-Based AntiPhishing Approach - OpenDNS and Cleanbrowsing (hosts file and sinkholing)
    3. Using Phish Feeds to combat Phishing - OpenPhish and PhishTank
    4. Using MXGuardDog to combat SPAM and Phishing Emails
    5. Using Office365 to combat SPAM and Phishing Emails
  • Awareness is the key
    1. Measure Awareness and Training Effectiveness
      • Successful Attacks - How many attacks you received in the past 6 months
      • Phishing Emails Reported - How many emails have been flagged by your employees for the past 6 months
      • Results of simulated Phishing Attacks - How well your people avoid becoming victims of attack.
    2. Make Cybersecurity a company focus
    3. Sandboxing
    4. Simulate
    5. Training - https://www.eset.com/us/cybertraining/
  • Cryptocurrencies and relationship to Phishing
  • Attack Surfaces
    1. Terminologies: attack vector, exploit, attack surface, vulnerability
    2. Identifying points of entry
    3. Identifying data values: confidential, sensitive, regulated
  • Managing attack surfaces