A company has gone through a round of phishing attacks.
More than 200 users have had their workstation infected because they clicked on a link in an email.
An incident analysis has determined an executable ran and compromised the administrator account on each workstation.
Management is demanding the information security team prevent this from happening again.
Which of the following would BEST prevent this from happening again?
A. Antivirus
B. Patch management
C. Log monitoring
D. Application whitelisting
E. Awareness training
The best option for preventing a similar incident from happening again would be D. Application whitelisting.
Explanation:
A. Antivirus: Antivirus software is designed to detect and remove viruses and malware from computer systems. However, it is not foolproof and can sometimes miss newer or more advanced forms of malware. In this case, it is likely that the malware used in the phishing attack was able to bypass the antivirus software.
B. Patch management: Patch management is the process of regularly applying software updates and patches to operating systems and applications to keep them up-to-date and secure. While patch management is an important part of maintaining security, it may not have prevented the phishing attack and subsequent compromise of the administrator accounts.
C. Log monitoring: Log monitoring involves reviewing system logs for unusual activity and investigating any suspicious events. While log monitoring is an important part of incident response and can help detect and respond to security incidents, it may not have prevented the initial phishing attack.
D. Application whitelisting: Application whitelisting is a security technique that allows only authorized applications to run on a system while blocking all others. By implementing application whitelisting, the organization can prevent unauthorized applications from executing, including malware that may be downloaded as a result of a phishing attack.
E. Awareness training: Awareness training is a useful tool to educate users on the risks of phishing and how to avoid falling victim to these attacks. However, it may not be enough to prevent a determined attacker from successfully compromising the organization's systems.
In summary, application whitelisting would be the best option to prevent a similar incident from happening again by blocking unauthorized applications from running on the system, including the malware that was used in the phishing attack.