Everything You Can Do to Fight Social Engineering and Phishing
Roger A. Grimes with Dr. John N. Just

Keep valuable data safe from even the most sophisticated social engineering and phishing attacks
Fighting Phishing: Everything You Can Do To Fight Social Engineering and Phishing serves as the ideal defense against phishing for any reader, from large organizations to individuals. Unlike most anti-phishing books, which focus only on one or two strategies, this book discusses all the policies, education, and technical strategies that are essential to a complete phishing defense. This book gives clear instructions for deploying a great defense-in-depth strategy to defeat hackers and malware. Written by the lead data-driven defense evangelist at the world's number one anti-phishing company, KnowBe4, Inc., this guide shows you how to create an enduring, integrated cybersecurity culture.
Anyone looking to defend themselves or their organization from phishing will appreciate the uncommonly comprehensive approach in Fighting Phishing.
A complete approach to defending yourself and your organization against phishing
Social engineering and phishing are involved in up to 90% of all successful hacker and malware attacks, making them by far the most common strategies. They are also the most dangerous, because they take advantage of the human element, manipulating individuals into willingly providing sensitive data like passwords. Fighting Phishing is about how you can better protect against these ever-evolving threats.
When it comes to stopping phishing, education is key, and inside you’ll find detailed descriptions of how these attacks take place, along with valuable information on how to recognize them and take appropriate action before your systems are breached. However, for a comprehensive, defense-in-depth strategy, you will need to implement policies and technical defenses as well. This book is all about combining these elements to create a rock-solid anti-phishing posture.
Written by senior cybersecurity architect and defense evangelist Roger Grimes, this book draws on decades of expertise, as well as a thorough understanding of the newest scams―and the tools needed to stop them. As a leading media commentator, Grimes is well respected for his ability to clearly explain cybersecurity concepts and help organizations implement technical defenses. Inside, he offers wisdom that no one with an interest in cybersecurity can afford to ignore.
Table of Contents
Part I Introduction to Social Engineering Security
Chapter 1 Introduction to Social Engineering and Phishing
Chapter 2 Phishing Terminology and Examples
Chapter 3 3x3 Cybersecurity Control Pillars
Part II Policies
Chapter 4 Acceptable Use and General Cybersecurity Policies
Chapter 5 Anti-Phishing Policies
Chapter 6 Creating a Corporate SAT Policy
Part III Technical Defenses
Chapter 7 DMARC, SPF, and DKIM
Chapter 8 Network and Server Defenses
Chapter 9 Endpoint Defenses
Chapter 10 Advanced Defenses
Part IV Creating a Great Security Awareness Program
Chapter 11 Security Awareness Training Overview
Chapter 12 How to Do Training Right
Chapter 13 Recognizing Rogue URLs
Chapter 14 Fighting Spear Phishing
Chapter 15 Forensically Examining Emails
Chapter 16 Miscellaneous Hints and Tricks
Chapter 17 Improving Your Security Culture
ROGER A. GRIMES has 35 years of experience in computer security and has authored 13 previous books on the topic. He is the Data-Driven Defense Evangelist at KnowBe4, a security awareness education company, and a senior computer security consultant and cybersecurity architect.









