Home » Data Protection

Threat Watch

Whaling Gets Real

Powered by social-networking sites and compromised corporate databases, super-targeted phishing attacks are moving from theory to practice. Here's how to understand this evolving information-security threat and protect your company and its executives

» add a comment

By Rick Cook

Page 3

someone you know, mail them back and ask what they’re sending," Stewart says. "You’ve really got to be suspicious of these types of messages that seem to come from an authority figure. In that sense we have an easier job in user education. It comes to security team having a meeting of the executive team [and saying,] Be suspicious of anything you get. Run it by us."

Paller, however, warns that "education" in the form of seminars and lectures doesn’t work well in the long run; in fact, he says, it hardly works at all. Instead, he suggests a process he calls "inoculation," which involves repeatedly sending out fake whaling-type messages. "When [the user bites], [he or she] gets a message saying, ’Oops, you’ve just been had.’ You do that over and over again until people learn.”

Rick Cook is a freelance writer based in Phoenix.

--

The comment field below does not work. Please send your feedback to csoletters@cxo.com.

Other stories by Rick Cook

« 1 2 3

RESOURCE CENTER

VIRTUAL CONFERENCE

Data Center Directions Virtual Conference

Attend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.

» Learn more and register here

WHITE PAPER

Discover whether hosting is your smartest choice for enterprise messaging.

To host or not to host? Thats the question for many CIOs as the volume and complexity of enterprise messaging continues to skyrocket.

» Read the Paper

White Papers

Enterprise Management Associates: Taking the Botnet Threat Seriously

Understanding Data Location is Imperative for Data Loss Prevention

Getting in Compliance With Government Data Regulations By Leveraging Online Security Technology

5 Strategies for Reducing the High Cost of Online Consumer Authentication

Guide: 5 Steps to Secure Outsourced Application Development

Fact or Fiction Security Survival Guide: Clearing up Misconceptions, Myths and Mistruths about Security

A Guide to Providing Proactive Protection to Consumer Online Transactions

Moving Past Enterprise Single Sign-On (SSO): Securing Internet SSO

Stop mobility from jeopardizing PCI compliance with these best practices.

Embrace NAC for protecting today's greatest blind spot: the mobile endpoint.

Learn best practices for maximizing your mobile workforce infrastructure.

More White Papers »

Featured Sponsors

Sponsored Links

Clear up Misconceptions, Myths and Mistruths about Security

Get in Compliance With Government Data Regulations

Taking the Botnet Threat Seriously

Webcast: Best Practices for Application Security in the Financial Sector

Any company can promise identity protection. Only Debix can prove it

Understanding Data Location is Imperative for Data Loss Prevention

BigFix - Be the IT Superhero!

Webcast: Solutions to the Toughest IT Challenges in Remote Offices

Secure your virtual and physical environments with the same software

5 Steps to Secure Outsourced Application Development