Podcast duration: 10:36 (14.6MB)
Summary
In this episode of Chattinn Cyber, Marc Schein is chattin’ with Gideon Hazam, a renowned expert in spoofing. The discussion revolves around the challenges faced by organizations in detecting and protecting against phishing attacks on their brands.
Gideon explains that his company spent six months meeting with Chief Information Security Officers (CISOs) from various industries to understand their main challenges related to phishing attacks. They identified three major challenges: detecting phishing attacks quickly, identifying the users exposed to these attacks, and finding ways to protect them.
To address these challenges, Gideon’s company developed a platform that has gained popularity and is now being implemented across sectors and organizations worldwide. The platform helps organizations detect phishing attacks on their customers quickly, identify the users at risk, and implement measures to protect them.
He then goes on to explain the connection between spoofing and phishing. Phishing is the platform used to conduct a cyber takeover, where attackers create fake websites to harvest credentials or steal money. Spoofing, on the other hand, is the technique used to generate these phishing attacks. It involves using spoofing tools to create fake websites or clone existing ones.
The conversation then delves into the susceptibility of different industries to spoofing attacks. Gideon explains that any organization with an online presence and customer interaction is a potential target for hackers. However, industries related to finance and money are particularly vulnerable due to the potential for financial manipulation and theft.
The discussion also touches upon the lifecycle of a phishing attack. It starts with building the phishing site, which is then detected and ideally taken down. However, the exposure window remains until the site is successfully removed. Even after takedown, the harvested credentials can still be exploited, posing a continued threat to organizations.
Gideon predicts that spoofing attacks will become more prevalent in the corporate world due to the increasing reliance on online activities and the availability of numerous spoofing tools in the market. He emphasizes the need for authentication solutions to ensure users are visiting legitimate websites and not falling victim to imposter sites.
The conversation provides valuable insights into the challenges posed by spoofing and phishing attacks, the connection between the two, and the need for robust authentication measures to protect against these threats. The discussion highlights the importance of detecting attacks quickly, identifying at-risk users, and implementing effective protection measures to safeguard organizations and their customers.
Key Points
- Organizations face three major challenges when it comes to phishing attacks on their brands: detecting attacks quickly, identifying exposed users, and protecting them.
- Spoofing is the technique used to generate phishing attacks, where attackers create fake websites or clone existing ones.
- Any organization with an online presence and customer interaction is a potential target for spoofing attacks, with industries related to finance being particularly vulnerable.
- The lifecycle of a phishing attack involves building the phishing site, detecting it, and ideally taking it down. However, even after takedown, the harvested credentials can still be exploited.
- The prevalence of spoofing attacks is expected to increase due to the growing reliance on online activities and the availability of easy-to-use spoofing tools in the market.
Key Quotes
- “Phishing is basically the platform to conduct a counter takeover in one hand. I will build a phishing site in order to harvest as many credentials as possible of anyone. And secondly, I can use phishing to steal money. Simple as that.”
- “The interesting part is that any firm, any organization that has online presence, which require interaction between end user and customer is a target for the hackers, because if they can use their tools to harvest credentials, that would anywhere on each industry or niche…”
- “Detection and takedown … are the two major points. But takedown may take days, may take weeks. Sometimes it takes even longer. And until the point that this site is down, the customers, the end users are still exposed.”
- “The more online activities become, the more spoofing attack will be there. Because this is a huge surface for attackers to exploit … The number of … spoofing tools [that] exist today in the market is numerous.”
About Our Guest
Gideon Hazam is an accomplished senior sales and business professional with a wealth of experience in business operations, development, and strategic sales, complemented by strong technology and managerial skills. As the co-founder and Chief Operation & Security Officer of Memcyco, he leads the charge in addressing a critical cyber blind spot: brand impersonation attacks that jeopardize both companies and their customers. With a unique ability to analyze complex business challenges and devise effective strategies, Gideon emphasizes the importance of protecting users from the rising tide of phishing and social engineering attacks. His extensive background in corporate development and global sales, combined with a collaborative and creative leadership style, positions him as a key player in the cybersecurity landscape. Passionate about safeguarding consumers in an evolving threat environment, Gideon is eager to engage in discussions about enhancing online protection measures against the ever-growing onslaught of cyber threats.
About Our Host
National co-chair of the Cyber Center for Excellence, Marc Schein, CIC, CLCS, is also a Risk Management Consultant at Marsh McLennan. He assists clients by customizing comprehensive commercial insurance programs that minimize the burden of financial loss through cost-effective transfer of risk. By conducting a Total Cost of Risk (TCoR) assessment, he can determine any gaps in coverage. As part of an effective risk management insurance team, Marc collaborates with senior risk consultants, certified insurance counselors, and expert underwriters to examine the adequacy of existing client programs and develop customized solutions to transfer risk, improve coverage and minimize premiums.