OKIOK is pleased to have presented “Application Security and Phishing” at the OWASP conference initiative sponsored by OWASP Montreal. OKIOK outlined the impacts of phishing experienced by businesses and presented practical action plans to address those risks.
The presentation introduced and emphasized the connection and causal links between application security and phishing campaigns. In a study conducted in 2015, the APWG (Anti-Phishing Working Group) identified no fewer than 1.3 million unique phishing campaigns. This is twice the number recorded in 2014 and four times the number recorded in 2010.
The current trend shows a constant increase in fraudulent emails targeting growing and stable businesses. Redirect links, forged web portals, infected attachments and identity theft are examples of attacks covered in the various scenarios described by Alexander Pieyre and François-Xavier Desmarais, senior consultants at OKIOK.
It is important to keep in mind that no matter the application’s security level, if a fraudulent acquisition of identifiers occurs, the security perimeter has no effect. This is true for all types of applications, whether accessible from outside or inside the organisation. Whether it is through drive-by download, Cross-Site Request Forgery (CSRF) or email spoofing, the common goal is to get you to disclose identifiers that can then be used to compromise the integrity and confidentiality of your information assets.
To counter those threats and preserve the security posture of your data, several areas of recommendations were identified, such as:
- Employee awareness;
- Mail server security configurations;
- Identification and blocking of suspicious domain names;
- Incident management procedures;
- Use of secure and controlled file exchange services or solutions;
- Intrusion detection.
With its extensive expertise in the field of cybersecurity, OKIOK can help you protect your organisation against phishing campaigns. During assessment and remediation engagements, OKIOK provides a variety of personalized trend indicators and statistics.
A world pioneer and Canadian leader in information security for more than thirty years, OKIOK delivers a complete range of services and products, including secure file transfer, identity & access management and computer forensics. Its vast offering takes the form of consulting services, outsourced security management, commercial and custom solutions and training services.
Among the few firms in Canada to make research and development its cornerstone, OKIOK stands at the forefront of the sector through ongoing innovation.