By Hendrik Höcke, IT security officer at the Zurich University of the Arts
Whether with dynamite or a spear, phishing is a huge challenge for the Zurich University of the Arts (ZHdK). Currently, we reject more than half of the e-mails we receive every day, and the trend is rising. Of course, not all of them are phishing messages, but a serious separation from spam, scam and phishing mails etc. is hardly possible.
Sender Policy Framework (SPF) profiles and blacklists are used to check e-mails. Amavisd-new, its integration of SpamAssassin and Anti-Virus is another pillar for the automatic selection of e-mails.
If a phishing message is delivered to the ZHdK and an employee identifies it as suspicious, the e-mail is sent via ticket system to the IT department for examination.
We are increasingly finding that it is no longer just individuals in the company who are the target of attacks (CEO fraud). Rather, we observe scenarios in which a larger number of employees is approached to reveal passwords or other personal data. These phishing messages are often filled with business-related terms such as “your IT department”, “your Office365 team” or “the finance department”. These e-mails then link to websites with the company’s own logo and details.
Focus on awareness
Due to the frequently changing phishing campaigns, this area is very dynamic. Therefore, in addition to technical measures, we see the employees as a central factor for the successful identification and handling of phishing messages.
From our perspective, the consistent training of colleagues is the basis for the successful identification of fraudulent emails. These training courses currently take place annually at the ZHdK and this year, for the first time, they have been carried out by an external company.
On the one hand, this gives us the opportunity to help shape the courses’ content. On the other, for example, we create new scopes for evaluating new technologies.
We also encourage our employees to forward any suspicious email to the IT department. By constantly sending suspicious e-mails (10-20 per week) we can train our mail filters effectively with spam and ham. Moreover, employees also play an active role in fighting phishing attacks and helping to reduce false positives.
In the fight against phishing, the employee can be the strongest link. The more the employee is at the centre of the IT security strategy, the shorter the way to get there. It is worth it!
About the author
Hendrik Höcke is IT security officer at the ZHdK. Previously he was deputy head of IT and IT security officer at the Humboldt Forum in Berlin. He is certified in the fields of IT security as well as data protection and studied technical computer science (M.Eng.) in Berlin.
About the ZHdK
With around 2,100 Bachelor and Master students and 650 teaching staff, Zurich University of the Arts is one of the major universities of the arts in Europe. The study and research programme covers the areas of design, film, fine arts, music, dance, theatre, transdisciplinary studies, and the teaching of arts and design. The university also has many venues for exhibitions and performances, where the results of the education provided can be shown in public.
Read more on the GÉANT Cyber Security Month 2020: https://dev.connect.geant.org/csm2020