TECHNICAL SECURITY TESTING & ETHICAL HACKING

Phishing

Phishing is a method of obtaining sensitive information from users through deception.

Many attackers use phishing to convince employees to give up credentials, and then take advantage of weak or default passwords on remote services to gain initial access to the network.

The engagement team sends email requests for information that appear to come from a legitimate source. Through the use of a false “from” address and sophisticated stylistic touches (e.g., logos and professional-looking graphics), phishing emails have the genuine look and feel of a message that recipients might expect to receive from a person or a company with whom they do business.

Typically, the message asks the recipient to verify or reconfirm confidential personal information such as account numbers, user names, passwords, and other sensitive information.

To provide a sense of urgency, the email may indicate that the recipient’s account will be suspended or cancelled if the information is not verified by a certain date.

The engagement team directs the phishing attacks at high-risk targets such as:

  • Employees likely to have access to sensitive or confidential executive-level information where successful compromise could result in a data breach.
  • Employees likely to have access to patient information where a successful compromise could result in a data breach.
  • Employees likely to have access to critical systems or infrastructure where a successful compromise could result in a data breach.

According to the Verizon 2019 Data Breach Investigations Report, “Phishing was present in 78% of Cyber-Espionage incidents.”

Conducting phishing exercises helps to reduce the risk of, and exposure to, some of these attacks and helps to determine the effectiveness of the security training and awareness program.

Social engineering exercises also help an organization test the effectiveness of its policies and procedures.

WHAT SETS MEDITOLOGY APART

  • #1 Ranked Best in KLAS for Cybersecurity Advisory Services for 2019
  • HIPAA expert witness firm for OCR
  • Experienced CISOs and Privacy Officers
  • Dedicated to healthcare
  • Hundreds of clients coast to coast
  • Advisors to ONC / HHS