TY - GEN
T1 - Study on the effectiveness of the security countermeasures against spear phishing
AU - Song, Misun
AU - Seo, Junseok
AU - Lee, Kyungho
N1 - Funding Information:
This work was supported by the IT R&D program of MSIP/KEIT [010041560, A development of anomaly detection and a multi-layered response technology to protect an intranet of a control system for the availability of pipeline facilities].
Publisher Copyright:
© Springer International Publishing Switzerland 2015.
PY - 2015
Y1 - 2015
N2 - The presentation entitled ICS Spear Phishing, held at the 2013 edition of Digital Bond’s Supervisory Control and Data Acquisition (SCADA) Security Scientific Symposium (S4), demonstrated that an attacker could employ a spear phishing attack to obtain rights to the accounts of the Industrial Control System (ICS) administrators or technicians. Motivated by this announcement, this paper analyzes the definition, principle, and problem of spear phishing, which is a social engineering attack. Furthermore, the need for countermeasures to the attack is presented. Spear phishing attacks are gradually increasing, but the existing systems used in many organizations (e.g., e-mail filtering systems) cannot follow the trend utilized by most attackers. Also, organizations have yet to establish adequate countermeasures, much less any standards for the countermeasures, to the problem of spear phishing. There is an urgent need to accomplish these objectives because the attack is gradually evolving. In summary, this paper advocates awareness of the spear phishing threat and the implementation of countermeasures such as security education or simulation. In addition, it suggests how to carry out the simulation effectively and how to quantify the gathered data.
AB - The presentation entitled ICS Spear Phishing, held at the 2013 edition of Digital Bond’s Supervisory Control and Data Acquisition (SCADA) Security Scientific Symposium (S4), demonstrated that an attacker could employ a spear phishing attack to obtain rights to the accounts of the Industrial Control System (ICS) administrators or technicians. Motivated by this announcement, this paper analyzes the definition, principle, and problem of spear phishing, which is a social engineering attack. Furthermore, the need for countermeasures to the attack is presented. Spear phishing attacks are gradually increasing, but the existing systems used in many organizations (e.g., e-mail filtering systems) cannot follow the trend utilized by most attackers. Also, organizations have yet to establish adequate countermeasures, much less any standards for the countermeasures, to the problem of spear phishing. There is an urgent need to accomplish these objectives because the attack is gradually evolving. In summary, this paper advocates awareness of the spear phishing threat and the implementation of countermeasures such as security education or simulation. In addition, it suggests how to carry out the simulation effectively and how to quantify the gathered data.
KW - Phishing
KW - Policy
KW - Simulation
KW - Social engineering
UR - http://www.scopus.com/inward/record.url?scp=84922139481&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-15087-1_31
DO - 10.1007/978-3-319-15087-1_31
M3 - Conference contribution
AN - SCOPUS:84922139481
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 394
EP - 404
BT - Information Security Applications - 15th International Workshop, WISA 2014, Revised Selected Papers
A2 - Rhee, Kyung-Hyune
A2 - Yi, Jeong Hyun
PB - Springer Verlag
T2 - 15th International Workshop on Information Security Applications, WISA 2014
Y2 - 25 August 2014 through 27 August 2014
ER -