Know Who to Call When Phishing Strikes......................................................................................................
By Russ Cohen
As a former "white hat hacker” helping businesses improve cyber security by illuminating areas of
vulnerability, one of the more creative aspects of my job was crafting a convincing phishing attack. The
objective was to construct an email that looked like it came from a reputable business partner, important
customer, or senior executive, but with the malicious intent of enticing the unsuspecting recipient to
unlock the door leading into the company’s internal network. Once we opened this door, the organization
had a line of sight into how to improve its anti-phishing practices.
The stakes are high, given the nefarious intent of bad actors to disrupt ongoing business operations for
financial gain, steal proprietary data such as engineering designs and blueprints, and bring down several
organizations at once—creating global chaos. In many cyber-attacks, phishing served as a great door
opener, accounting for 32% of all confirmed data breaches in 2018, according to the Verizon 2019 Data
Breach Investigations Report.