Global Security Forum

Our mission is to provide clients with an online user community of industry peers and IBM experts, to exchange tips and tricks, best practices, and product knowledge. We hope the information you find here helps you maximize the value of your IBM Security solutions.

  • 1.  How to Detect and Mitigate Phishing Attacks on IBM Systems?

    Posted Mon February 10, 2025 08:45 AM
    Edited by Kat Jarvis Fri February 21, 2025 09:51 AM

    Hi everyone,

    We've been seeing an uptick in phishing attempts targeting our organization, and I'd like to know what tools or methods are most effective in detecting and mitigating phishing attacks within IBM systems.
    Has anyone successfully implemented a solution for this within their IBM environment?

    Thanks!
    Founder of: https://www.concretesrichmondva.com/



    ------------------------------
    Ella Grant
    ------------------------------



  • 2.  RE: How to Detect and Mitigate Phishing Attacks on IBM Systems?

    Posted Mon February 10, 2025 01:30 PM
    1. Check the system security status: Begin by checking the current security level of your system.

    2. Increase the security level (if necessary): If the qsecurity parameter is set to 20, plan to increase it to at least 30 for enhanced protection.

    3. Protect the shares: Implement security measures for network shares.

    4. Share protection methods (depending on the operating system release):

      • If you have release v7r5m0 or later: You can easily associate authorization lists directly with the shares for simplified security management.

      • If you have a release prior to v7r5m0: You will need to protect the individual directories within the shares by setting permissions and authorizations at the directory level.

    5. Benefits of a good security policy: By implementing an effective security policy, you can prevent the theft of sensitive data from your Power I.



    ------------------------------
    Giancarlo Lui
    CTO
    Horsa Power
    Settimo Milanese
    02 3359 1375
    ------------------------------



  • 3.  RE: How to Detect and Mitigate Phishing Attacks on IBM Systems?

    Posted Mon February 10, 2025 02:51 PM

    First, what "IBM systems" are you running? IBM i? Z? Other?

    If you mean all, then this involves education, email monitoring, and in the words of Alastor Moody, constant vigilance. We have courses we subscribe to geared towards training end users on this. We also subscribe to a service which sends out phishing emails to end users, and if they click on the link you get a nastygram and have to retake the training. We have buttons on their email to report emails as possible phishing attacks. If they report one of our traps they get an immediate "attaboy" response. Granted, some users get in the habit of reporting every external email as a phishing attack just to vex us after they've had to retake the training. All users retake the training at least annually. It does get refreshed.

    Giancarlo's response seems geared towards one particular IBM system, IBM i. My favorite. I would add, monitor share creation. Creating a share over the root directory is accepted as a letter of resignation.



    ------------------------------
    Robert Berendt IBMChampion
    Business Systems Analyst, Lead
    Dekko
    Fort Wayne
    ------------------------------
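
The checks from replies 2 and 3 (QSECURITY below 30, shares without an authorization list on v7r5m0 or later, directory-level review on earlier releases, and any share over the root directory) as a small audit script. This is an added example, not code from any poster or from IBM; the inventory format, field names and severity labels are assumptions, and the sample data is constructed.

```python
import re

# Constructed sample inventory (not from a real system): the QSECURITY value,
# the OS release, and each file share with any attached authorization list.
SYSTEM = {"qsecurity": 20, "release": "V7R4M0"}
SHARES = [
    {"name": "ROOT", "path": "/", "autl": None},
    {"name": "PAYROLL", "path": "/home/payroll", "autl": None},
    {"name": "DOCS", "path": "/docs/../", "autl": None},
]

def release_key(release):
    """Turn 'V7R5M0' into (7, 5, 0) so releases compare numerically."""
    m = re.fullmatch(r"[Vv](\d+)[Rr](\d+)[Mm](\d+)", release.strip())
    if not m:
        raise ValueError(f"unrecognised release string: {release!r}")
    return tuple(int(g) for g in m.groups())

def is_root_share(path):
    """True when the share path resolves to the root directory."""
    parts = []
    for seg in path.strip().split("/"):
        if seg == "..":
            if parts:
                parts.pop()      # step up one level, never above root
        elif seg not in ("", "."):
            parts.append(seg)
    return not parts

def audit(system, shares):
    """Return (severity, message) findings for the rules in the thread."""
    findings = []
    if system["qsecurity"] < 30:
        findings.append(("HIGH", f"QSECURITY is {system['qsecurity']}; raise to at least 30"))
    # Authorization lists attach directly to shares only from v7r5m0 onward.
    autl_on_share = release_key(system["release"]) >= (7, 5, 0)
    for s in shares:
        if is_root_share(s["path"]):
            findings.append(("CRITICAL", f"share {s['name']} exposes the root directory"))
        elif autl_on_share and not s["autl"]:
            findings.append(("MEDIUM", f"share {s['name']} has no authorization list"))
        elif not autl_on_share:
            findings.append(("REVIEW", f"share {s['name']}: check directory authority on {s['path']}"))
    return findings

if __name__ == "__main__":
    for severity, message in audit(SYSTEM, SHARES):
        print(f"{severity:8} {message}")
```
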



  • 4.  RE: How to Detect and Mitigate Phishing Attacks on IBM Systems?

    Posted Tue February 11, 2025 08:45 AM

    Good morning,
    The first thing we have done and also have recommended to our customers is ongoing security training. There are many solutions like this which require weekly involvement in videos and content by employees. We use PII Protect.

    We have a very focused security practice around mobility and have begun advising our customers MDM is not enough. We are now positioning IBM Mobile Threat Defense at our customers. This solution is incredibly timely as it targets malicious mobile apps, smishing (malicious text messages), suspect QR codes and bad Wi-Fi networks. Just stop to think about the exposure to your organization if one of your employees, with access to any company assets (email, network file share, 365 assets like SharePoint), clicks on the wrong link in a spoofed text message, downloads and accepts permissions on the wrong app, or scans the wrong QR code. Your assets, IP, sensitive data and other info are now vulnerable without you knowing.

    We had a customer whose owner was in his 80s with access to all company assets including the company bank accounts. He downloaded the wrong app, which opened full access to everything on his smartphone. The bad guys were able to discover all his banking app logins, access the company bank accounts, even change the 2-factor phone number and remove $1.5 million dollars from their account.

    Consider the impact to liability insurance when events like this happen.

    Thanks!


    Mitch Lauer
    Sr. Management Consultant
    Business Development, Technology and Security
    connecTel Wireless
    216-970-6981 | Cell-US
    416-801-3127 | Cell-Canada
    412-339-5775 | Help Desk
    412-339-5765 | Direct Dial