The Battle Against Phishing Attacks and Similar Scams
Eric Cole and David Kris of Theon Technology on Evolving Threats
Many entities fight an uphill battle against increasingly clever phishing and related scams that lead to serious data compromises, say former CIA analyst Eric Cole and former Department of Justice Assistant Attorney General David Kris, who are both advisers at security firm Theon Technology.
"Humans are weak. The quality of the phishing emails is so high that a normal human cannot detect just by looking at it. And the [bad actors] move very fast once they break in," Kris says. "They can come in with an HVAC vendor or point-of-sale cash register and move laterally, unless your network is protected in a zero trust architecture," he says in an interview with Information Security Media Group.
Sometimes "paradigm shifts" are needed to better address these risks, Cole says in the same interview. "If you're looking at external email from external folks, if you block attachments and block embedded links, the impact to the business is actually smaller than most people realize, and the benefit is huge."
In the interview, Cole and Kris also discuss:
- Defending against and responding to ransomware attacks;
- The pros and cons healthcare entities need to consider when deciding whether to pay a ransom to extortionists;
- The top evolving cyberthreats.
Cole is an adviser at security firm Theon Technology. He has more than 30 years of network security experience and has worked at a variety of institutions, including the CIA, where he was an analyst.
Kris is a founder of Culper Partners LLC and an adviser for Theon Technology. He has more than 30 years of experience. In the private sector, Kris has served as a general counsel, deputy general counsel, chief ethics and compliance officer, and member of a corporate board of directors. In government, he was assistant attorney general for national security, an associate attorney general, and a federal trial and appellate prosecutor at the Department of Justice.