
How to defend against phishing | cybersecurity interview

Most breaches don't start with hacking code. They start with a convincing email.

Phishing tricks a human into giving up credentials or running malware. Defense is layered: technical controls (email filtering, MFA, phishing-resistant keys) plus training, because no single layer catches everything.

Attackers target people because it's easier than breaking crypto. A fake-but-believable login page harvests the password. The fix isn't one tool; it's reducing both the odds of the click and the damage if it lands.

The defense:
- Filter and flag suspicious email (SPF, DKIM, DMARC, external-sender banners)
- Require MFA, ideally phishing-resistant hardware keys, so a stolen password isn't enough
- Train people to verify links and report, and make reporting one click
- Limit blast radius with least privilege, so one phished account isn't game over
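
An added example, not from the video or its author: a sketch of the "filter and flag" step from the list above, reading SPF/DKIM/DMARC verdicts from the `Authentication-Results` header and choosing the warning flags to attach. The domain `example.com`, the gateway id `mx.example.com`, the flag names and the three messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"           # assumption: our own mail domain
TRUSTED_AUTHSERV = "mx.example.com"  # assumption: authserv-id our gateway stamps

def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts, only from headers our own gateway added."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        ident = header.split(";", 1)[0].split()
        if not ident or ident[0].lower() != TRUSTED_AUTHSERV:
            continue  # any upstream hop can insert this header; ignore foreign ones
        for method, result in re.findall(r";\s*(spf|dkim|dmarc)=(\w+)", header, re.I):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts

def triage(raw):
    """Return the warning flags a mail gateway would attach to this message."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    verdicts = auth_results(msg)
    flags = [] if domain == ORG_DOMAIN else ["external-sender"]
    for method in ("spf", "dkim", "dmarc"):
        if verdicts.get(method) != "pass":
            flags.append(f"{method}-{verdicts.get(method, 'missing')}")
    # A From: in our own domain that fails DMARC is a spoof of an internal sender.
    if domain == ORG_DOMAIN and verdicts.get("dmarc") != "pass":
        flags.append("spoofed-internal")
    return flags

# Constructed sample messages (not real mail).
LEGIT = (
    "Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=partner.example;\n"
    " dkim=pass header.d=partner.example; dmarc=pass header.from=partner.example\n"
    "From: Alice <alice@partner.example>\nSubject: Invoice\n\nhello\n")
SPOOF = (
    "Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mailer.test;\n"
    " dkim=none; dmarc=fail header.from=example.com\n"
    'From: "IT Support" <helpdesk@example.com>\nSubject: Password expiry\n\nhello\n')
FORGED = (  # sender pre-stamped its own "pass" header; our gateway added none
    "Authentication-Results: mail.sender.test; spf=pass; dkim=pass; dmarc=pass\n"
    "From: Bob <bob@sender.test>\nSubject: Shared file\n\nhello\n")

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("spoof", SPOOF), ("forged", FORGED)):
        print(name, triage(raw))
```

A production gateway must also strip any inbound header that already carries its own authserv-id before adding its verdicts, as RFC 8601 requires, or the trust check above can be bypassed.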

The gotcha: training alone never hits zero. A good phish fools smart people on a bad day. So you assume a click will happen and engineer for containment (MFA, least privilege), not just prevention.

More user training, or phishing-resistant tech that removes the human?

#cybersecurity #cyberinterview #infosec #informationsecurity #hacking #security #phishing #socialengineering

Video "How to defend against phishing | cybersecurity interview" from the channel The Cyber Round