Fishing around to end Phishing
Oftentimes we come across information that doesn’t really hit in the moment, but one day, out of the blue, it all starts making sense. Well, that is how information and thinking work.
Back in the day, information was guarded and not accessible to all. Education was privileged and only accessible to those who belonged to higher social status.
Feels unfair, right? Why should the top 1% have all the access to years of wisdom?
But as the Internet came along, it allowed us to infinitely feed our curiosity. It democratized access to information for the masses and levelled the playing field for anyone to learn, build and educate themselves.
From empowering globalisation to you reading this essay, the internet has simplified access from the comfort of your home. Feels like magic sometimes, doesn’t it? 💫
But the internet is not a garden where it’s all rosy and happy; it can be a dark place too. A large part of the internet is not indexed and not visible in your search results. Exploring these sites is a rabbit hole in itself.
Now, with technology, you can hide, anonymize and secure information without getting tracked or noticed by anyone. Combine that with the ability to limit your visibility on the internet by not allowing search engines to index your site. This is a perfect breeding ground for illegal activities leveraging the powers of the internet.
It’s misusing those powers: defying the objective something was built for and using it to meet one’s own means.
Hacker forums and dark web forums leverage the capabilities of the internet to their own means, where posts are filled with hacks and exploits that can take down entire infrastructure systems, disrupt economies of scale in the process, and enable all the other illegal activities you can imagine.
We have seen these happen recently with the attack at a nuclear power plant in India, the Colonial gas pipeline attack in the US, ransomware attacks on Sun Pharma and more.
with a but it has negative consequences attached to it, where users with malicious intent can exploit this freely available information to exploit users.
Within the security space, phishing is one of the longest-looming issues that we have been facing and looking for a solid solution to.
for became the fuel for building solutions information accessible and available to anyone across the world!
Internet is a medium to share, connect, learn and write on, and a way to meet people all around the globe with the ability to manage and meet This free flow of information opened up new modes of communication and the ability to share their thoughts into the void of the internet, where anyone with a connection and an input string could read your piece or information.
In some ways, the internet sometimes behaves like and depicts the properties of nature - where a web of interconnectedness and hierarchy helps build a peaceful jungle.
In nature, things are random and not random at the same time - there is the Fibonacci sequence in a flower but also randomness with the amount of hair is too much for your skin.
Nature grows in the wild on its own without any external help required, but unlike the agricultural and revolutions that took place across Punjab, Haryana farmers got used to the chemicals in the process depleting resource for natural production.
Well also the
Information and knowledge in general like to be free and to be introduced to new audiences!
This led to information being available in free flow and making it known to the audience
with things good there needs to be a necessary evil to balance things out and make sense of
Free flowing security when it comes to phishing emails
Phishing has been looming all across for several years from the dawn of hacking and exploitation.
It’s more a phenomenon you come across sooner or later, with more or later
All of this ties back to the larger concept of social engineering.
Social engineering, if not tackled early, leads to worse outcomes, as it is a ticking time bomb just waiting for the right moment to explode and cause maximum damage.
With phishing and security in general, most have the perception that they are safe and secure because some 3 years ago their annual security audit gave them the highest ratings.
But these don’t mean shit. Once you are down, you are down. You lost - nothing can change that now once you’ve been phished and taken down.
Even giants get breached with the simplest of tricks like phishing. Take the identity giant Okta. Late last year they got breached and hackers had access to their data and
Well, phishing has also evolved over the years. It is just like the saying goes: you first go through the bad cycles, and lies and hate travel faster than truth. Similarly, hacks and exploits of a technology are already out by the time the larger audience and market start adopting it.
This is an advantage the bad guys have over corporations: their ability to hack around, reverse engineer and figure out the solution, find loopholes within it and build something that exploits the system.
Same is the case with phishing. It started out with just social engineering: impersonating another user to successfully access a resource or system.
The problem here is that no verification was present.
The solution for this was to add signatures to emails, where the signatures from the sender and receiver have to match, to make sure no data is being snooped on or manipulated by attacks on the network.
But now you ask: how does one solve phishing for a fast-growing startup, and what would the ideal advice be?
Firstly, any advice is contextual; what works for one might not work for you.
products and security in a broader sense on how it enables for solutioning
Problems with current cybersecurity trends and solutioning
Building for scale while keeping things secure
very tricky
needs a lot of focus and attention
is very hard
needs everything in place at the right time
===
Question:
Response:
By free-flowing, I mean that security as a concept should be fundamental/given to what you build.
In the case of phishing, the best free-flowing security solution would be something that solves the problem at the base layer itself, where the impact is low and admins can prevent the phishing attack from expanding in the first place. Microsoft has some of that tech, but the current process of always taking a reactive approach, adding more defense-in-depth capabilities and leaving it up to user education to figure it out is pretty bad.
Microsoft Defender ATP does something like: scan mail -> check signature -> manage filtering -> bucket items -> sandbox -> test -> quarantine if required. There are always edge cases to the system that get abused.
But quarantine as an implementation makes a lot of sense, and it is similar to how you approach viruses in real life to prevent them from spreading.
Phishing is an interesting problem to have as it is probably the easiest and toughest problem to solve at the same time when you look at it from a different user lens. But I feel like we will get there eventually.
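To make the "check signature -> bucket items -> quarantine" idea concrete, here is an added example (not code from this essay and not how Microsoft Defender is implemented) that buckets mail by the SPF/DKIM/DMARC verdicts in the `Authentication-Results` header. It assumes the receiving server stamps that header under the hypothetical id `mx.example.net`; the three messages are constructed samples.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.net"  # assumption: our own receiving server's id

# Constructed sample messages; every address and header value is made up.
SAMPLES = {
    "clean": "Authentication-Results: mx.example.net; spf=pass; dkim=pass; dmarc=pass\n"
             "From: Alice <alice@example.com>\nSubject: Q3 report\n\nSee attached.\n",
    "spoofed": "Authentication-Results: mx.example.net; spf=fail; dkim=none; dmarc=fail\n"
               "From: IT Support <it@example.com>\nReply-To: helpdesk@example.org\n"
               "Subject: Password expiry\n\nConfirm your account.\n",
    # The sender injected its own "pass" header; our server stamped nothing.
    "forged_header": "Authentication-Results: mail.sender.example; dkim=pass; dmarc=pass\n"
                     "From: Payroll <payroll@example.com>\nSubject: Update\n\nHello.\n",
}

def trusted_auth_results(msg):
    """Collect spf/dkim/dmarc verdicts, but only from headers our own server wrote."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, body = str(header).lower().partition(";")
        if authserv.split()[:1] != [TRUSTED_AUTHSERV]:
            continue  # anyone can add this header; ignore ones we did not stamp
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", body):
            verdicts.setdefault(method, verdict)
    return verdicts

def domain(header_value):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()

def triage(raw):
    """Return (bucket, reasons) where bucket is inbox, junk or quarantine."""
    msg = message_from_string(raw)
    verdicts = trusted_auth_results(msg)
    reasons = [f"{m}={verdicts.get(m, 'none')}" for m in ("spf", "dkim", "dmarc")
               if verdicts.get(m) != "pass"]
    reply_to = domain(msg.get("Reply-To", ""))
    if reply_to and reply_to != domain(msg.get("From", "")):
        reasons.append("reply-to domain differs from sender")
    if verdicts.get("dmarc") == "fail":
        return "quarantine", reasons  # hold it so it cannot spread to the user
    return ("junk" if reasons else "inbox"), reasons

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, *triage(raw))
```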