Pages: 5 pages/≈1375 words
Sources: 10
Style: APA
Subject: Management
Type: Essay
Language: English (U.S.)
Document: MS Word
Topic: Cyber Attacks using Phishing, Spear Phishing, and Whaling

Essay Instructions:

Instructions will be uploaded as an additional file along with the resources.



Please include the Introduction and the Conclusion within the 5 pages.

Essay Sample Content Preview:

Cyber Attacks using Phishing, Spear Phishing and Whaling
Cyber attacks are purposeful exploitations of computer systems, networks, and technology-dependent enterprises. They are attempts by hackers to destroy or damage a computer system or computer network (Vaas, 2014). This paper describes the difference between whaling, phishing, and spear phishing attacks. Various risk responses are also described. Moreover, risk mitigation is determined by applying industry best practices and principles.
Phishing, Spear Phishing, and Whaling Attacks
A Phishing Attack is a cyber attack commonly perpetrated through email, and is an attempt to deceive users in some way. The hacker, as Alsharnouby, Alaca and Chiasson (2015) pointed out, can trick the target into opening an email attachment that contains malicious code. The target can also be tricked into sending personal data to the sender, or into visiting a webpage on which he/she enters personal information (Fruhwirt et al., 2014). The motives for phishing attacks range from obtaining protected information to use for unlawful purposes, to attacking entire networks, to hijacking computers and infecting them (Mohammad, Thabtah & McCluskey, 2015).
A Spear Phishing Attack is a targeted form of phishing attack that a hacker uses to increase his/her chances of success. It is a much greater threat and a lot more sinister than a phishing attack given that it zeroes in on a certain business, organization, or individual (Sarikaa & Paul, 2017). A phishing attack gets its name from the notion that a hacker is trying to fish for random victims, using fraudulent or spoofed email as bait. A spear phishing attack extends this fishing analogy, as the attacker targets particular high-value companies and/or individuals (Didraga, Bibu & Brandas, 2013). Rather than attempting to obtain banking credentials for 500 people, attackers might decide to target a government official, or a person who works for another government agency, for the purpose of stealing state secrets (Jensen et al., 2017).
Whaling Attacks are targeted attempts to steal confidential information from an organization, for instance, financial data or private details regarding staff members, in most cases for malicious reasons (Jagatic et al., 2007). Whaling attacks particularly target a company's senior management that holds power, for instance top executives like the Chief Financial Officer or the Chief Executive Officer, who have full access to the company's confidential information (Jensen et al., 2017). These attacks are referred to as whaling attacks owing to the size of their victims compared to the victims of typical phishing attacks. It is of note that the whales are selected carefully, owing to their authority and access within the organization. Whaling attacks are aimed at tricking senior executives into disclosing corporate or personal data, mainly by means of email or website spoofing (Jagatic et al., 2007).
Risk Responses
Risk Avoidance is understood as elimination of risk. An activity that poses a possible risk is avoided completely. When an organization avoids a risk, it also forfeits potential gains, for instance potential gains with investments or in business (Didraga, Bibu & Brandas, 2013). Risk avoidance might be the suitable risk response when the risk exceeds the company's risk tolerance and appetite, and a determination is made to make an exception. An organization takes certain actions to remove or considerably change the activities or processes which are the basis for the risk (Arachchilage & Love, 2014).
Risk Acceptance means that the company is ready to accept the risk level that is associated with a certain process or activity. The outcome of the risk evaluation, as Chen, Lin and Sun (2015) pointed out, is mainly within tolerance. Accepting risk is effective for a small risk that is not posing any major financial threat to the organization. No action is taken. The company accepts that the risk may occur and decides to cope with it if it happens (Didraga, Bibu & Brandas, 2013).
Risk Sharing/Transfer is undertaken when an organization desires to, or is able to, shift responsibility and risk liability to another organization. The entire risk liability or responsibility is shifted from one company to another, mainly by purchasing insurance. Specifically, the company transfers financial risk to a third-party entity, namely an insurance firm (Arachchilage & Love, 2014).
Risk Mitigation entails limiting the impact of a risk so that if the risk actually happens, the impact created by that risk is smaller and could be fixed easily. In essence, the possibility or extent of a loss is reduced. This could be done by limiting the amount of risky activity or increasing precautions, for instance by wearing a helmet on a construction site, wearing a seat belt in a car, using smoke detectors, or using security alarms. Hedging and diversification of assets are types of risk mitigation with investments.
Risk Mitigation
PhishMe and PhishGuru
Risk mitigation can be effectively determined through the application of best industry principles and practices, and IS policies, including PhishMe and PhishGuru. PhishMe assists business organizations in training their staff in recognizing p...