Original price: 2.800,00 EGP. Current price: 2.198,00 EGP.
Publisher : Wiley; 1st edition (February 21, 2024)
Language : English
Paperback : 448 pages
ISBN-10 : 1394249209
ISBN-13 : 978-1394249206
Item Weight : 2.31 pounds
Dimensions : 6 x 1.1 x 9 inches
Outstanding. And very useful.
This is a great guide to building or improving our company security awareness. Especially as I see certain users having issues with the recently mandated addition of MFA to our Microsoft 365 user logins.
Roger changed my mindset on security
When I first started in security I thought MFA was the silver bullet, then I sat in on Roger's webinar on 12 ways to defeat 2FA and realized how much I had to learn. I think his book on MFA (which I quote often at work) lists over 15 different types of attacks on MFA. His new book on fighting phishing has a great chapter on DMARC, SPF, and DKIM which I am just starting to dig into. He also has a lot of info on email filtering apps and forensically examining emails which is super helpful. I just haven't been finding this kind of material and this kind of depth anywhere else.
Very helpful reference to create a defense against phishing
Much of the encryption used today is based on the Advanced Encryption Standard (AES), selected by the National Institute of Standards and Technology (NIST) as the U.S. federal government standard. Besides being free to implement, it is extremely hard to break.

After being in production for over 20 years, AES has been shown to be resistant to most attacks. But it is not immune to brute-force attacks. The downside to brute-force attacks against AES is that it takes time, a lot of time. It would take about a billion years for an array of supercomputers to brute-force a single AES 128-bit encryption key. Moving to an AES 256-bit encryption key, even if you had every computer within AWS working on the problem, it would take tens of billions of years to break. And that is for but a single key.

Therefore, no one is using supercomputers in parallel to break AES keys. Parenthetically, if someone has so much computing power, it would be more profitable to mine Bitcoin.

Attackers wanting to breach systems who don't want to wait billions of years have found something relatively easy and infinitely more cost-effective to launch successful attacks, and that is phishing. Phishing is sending emails claiming to be from a legitimate source to induce individuals to reveal personal information, such as passwords and credit card numbers. Phishing is prevalent, given that it is possible to send out tens of millions of emails for a pittance. And even with grammar and spelling mistakes, people still fall for them.

Any organization that does not have formal policies and processes to deal with phishing is placing itself at significant risk. In Fighting Phishing: Everything You Can Do to Fight Social Engineering and Phishing (Wiley), author Roger Grimes has written a practical and valuable guide on how to do that.

Phishing and wrong-number text scams are brilliantly simple but highly effective attack vectors. In this very practical and actionable guide, Grimes details in depth what firms need to do to mount a fighting chance against phishing attacks. Contrary to popular belief, wrong-number text scams and phishing attacks are not done by rogue hackers from their college dorms. Criminal gangs, often nation-state-supported, work behind very well-organized and managed organizations to launch these often sophisticated attacks. Unless a firm has a comprehensive set of policies, awareness programs, and technical strategies to mount a defense against phishing, they will invariably be victims.

Part I of the book is Introduction to Social Engineering Security, with Parts II-IV on Policies, Technical Defenses, and Creating a Great Security Awareness Program. In truth, only Part I is about phishing, while the rest of the book can be applied to effective information security practices. The lesson is that a good phishing defense has to be built on a good foundation of effective information security controls.

An important topic the book details is what to do in the event of a successful phishing attack. Given the sophistication of many cybercriminal gangs, combined with the ineffective security programs at many firms, knowing what to do in the event of a successful phishing attack is paramount. Truth be told, most firms that don't have effective anti-phishing controls in place will likely not have a clue what to do in the event of a successful phishing attack, so they are doubly punished.

Since phishing is a message-based attack, controls at that level are paramount. Part III on technical defenses provides a very detailed look at what firms can and should put in place to defend against phishing. Protocols and email authentication methods such as Domain-based Message Authentication, Reporting and Conformance (DMARC), Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and more are discussed in depth.

There's no shortage of security tools firms can use to defend against phishing. The critical point is that it requires proactive security to do that. Don't wait for a successful phishing attack to do that. By then, it's far too late. The Ponemon Institute reported in their 2021 Cost of Phishing study that the average cost of a business email compromise attack was close to $6 million. The cost of this book is $28. You do the math.

Any firm that does not have a defined program to deal with threats against phishing, email invoice fraud, and the like will invariably fall victim to these attacks. For those looking to have a fighting chance against these scourges and more, Fighting Phishing is an excellent guide to help.
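The review above names SPF, DKIM and DMARC without showing how they fit together, so here is an added example that is not from the book or from the reviewer: a small Python evaluator that checks a sending IP against a simplified SPF record (ip4, ip6, include and all mechanisms only) and then applies DMARC identifier alignment and policy the way RFC 7489 describes it. The DNS TXT records and the message identifiers are constructed for the example, the organizational-domain rule is simplified to "last two labels" (real DMARC uses the Public Suffix List), and DKIM signature verification itself is assumed to have already produced a pass/fail result.

```python
"""Simplified SPF + DMARC evaluation over constructed records (added example)."""
import ipaddress

# Constructed DNS TXT records standing in for live lookups (not real domains' records).
DNS_TXT = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 include:_spf.example.net -all",
    "_spf.example.net": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 -all",
    "_dmarc.example.com": "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@example.com",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(client_ip, domain, dns=DNS_TXT, depth=0):
    """Return an SPF result for client_ip sending as MAIL FROM domain.

    Supports ip4, ip6, include and all. Mechanisms needing further DNS
    (a, mx, exists, redirect) are skipped, which a real checker must not do.
    """
    if depth > 10:  # RFC 7208 limits DNS-querying terms; treat runaway includes as permerror
        return "permerror"
    record = dns.get(domain.lower())
    if not record or not record.lower().startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name in ("ip4", "ip6"):
            # An IPv6 client never matches an ip4 network and vice versa.
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            # include only matches when the included record evaluates to pass.
            matched = spf_check(client_ip, arg, dns, depth + 1) == "pass"
        elif name == "all":
            matched = True
        else:
            continue  # assumption: unsupported mechanism is ignored in this toy
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"


def parse_tags(record):
    """'v=DMARC1; p=reject' -> {'v': 'DMARC1', 'p': 'reject'}."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags


def org_domain(domain):
    """Simplified organizational domain: last two labels (no Public Suffix List)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """Identifier alignment: strict ('s') needs exact match, relaxed ('r') same org domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def dmarc_disposition(from_domain, spf_result, spf_domain, dkim_result, dkim_domain, dns=DNS_TXT):
    """Return (disposition, reason) for the RFC5322.From domain given auth results."""
    record = dns.get("_dmarc." + from_domain.lower()) or dns.get("_dmarc." + org_domain(from_domain))
    if not record:
        return "none", "no DMARC record"
    tags = parse_tags(record)
    policy = tags.get("p", "none")
    if from_domain.lower() != org_domain(from_domain) and "sp" in tags:
        policy = tags["sp"]  # subdomain policy overrides p for subdomains
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "none", "DMARC pass"
    return policy, "DMARC fail"


def evaluate(from_domain, client_ip, mail_from_domain, dkim_result, dkim_domain, dns=DNS_TXT):
    """Run SPF on the envelope sender, then DMARC on the header From domain."""
    spf_result = spf_check(client_ip, mail_from_domain, dns)
    return dmarc_disposition(from_domain, spf_result, mail_from_domain, dkim_result, dkim_domain, dns)


if __name__ == "__main__":
    # Legitimate mail from an authorized IP, no DKIM: passes via SPF alignment.
    print(evaluate("example.com", "203.0.113.7", "example.com", "fail", ""))
    # Spoofed From: attacker's own domain passes SPF but is not aligned, so p=reject applies.
    print(evaluate("example.com", "192.0.2.9", "attacker.example", "fail", ""))
```

The second call in the `__main__` block is the case that matters for phishing defense: SPF alone can "pass" for an attacker who sets MAIL FROM to a domain they control, and only DMARC alignment against the visible From header turns that into a reject.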
Useful and vital information
Great book. Covers a 360 view of every way in and how to handle it. Kudos