Exploring Historical and Emerging Phishing Techniques and Mitigating the Associated Security Risks

TL;DR

This paper reviews historical and emerging phishing techniques, emphasizing the importance of effective training and technical controls to mitigate social engineering risks in organizational security.

Contribution

It provides an overview of attack vectors and discusses strategies to improve training and technical defenses against phishing and social engineering threats.

Findings

Common and emerging attack vectors identified

Training effectiveness is crucial for mitigation

Technical controls can significantly reduce risks

Abstract

Organizations invest heavily in technical controls for their Information Assurance (IA) infrastructure. These technical controls mitigate and reduce the risk of damage caused by outsider attacks. Most organizations rely on training to mitigate and reduce risk of non-technical attacks such as social engineering. Organizations lump IA training into small modules that personnel typically rush through because the training programs lack enough depth and creativity to keep a trainee engaged. The key to retaining knowledge is making the information memorable. This paper describes common and emerging attack vectors and how to lower and mitigate the associated risks.