The Phishing Problem

Although phishing attacks have cooled off a bit since 2015, they are still remarkably common. In fact, BakerHostetler recently reported that phishing attacks are the leading cause of data security incidents, responsible for over a third of all events. The attacks usually don’t stop with one user, but instead spread throughout the network. These attacks remain successful for two main reasons: they target the network’s weakest link (the users), and they continue to evolve while the solutions often remain stagnant. We also tend to trust emails that we receive from coworkers, which explains how one compromised email can quickly turn into a dozen. At their worst, phishing attacks can have a 45% success rate and lead to network compromise that will cost an organization millions. At their best, they will cause headaches and bog down the productivity of the users and IT staff.

Common Solutions

Because phishing is dependent on deceiving users, teaching users how to spot and report phishing attempts is a key component of a defensive strategy. This can be done through user awareness training. This training allows the IT team to efficiently educate users on the most common phishing practices and how to react to them. The best services include simulated phishing attacks that can be run against users to see who still needs more training. They will also include an analytics engine, so the organization can track how readiness is improving over time to gauge the effectiveness of the training service. These services are constantly being updated to reflect the ever-changing threat landscape.

Email security services

An email security service is also useful for warding off phishing attacks because it allows IT to filter the content that reaches the users. The best option in this area would be a managed email service because the team handling the filtering will be professionals at that specific job and your IT staff won’t have to dedicate time to it. However, some protection is always better than nothing. Fortunately, most organizations currently have some form of email security in place.

Although email security services are now being run in pretty much every organization, not all these services are created equal. Pharming, a form of phishing, involves changing the IP addresses associated with legitimate website names. This means that a URL that is clearly correct can still direct you to a malicious site. Criminals can also mimic the login pages of collaboration tools like Dropbox and Google Docs to gain access to valuable information. These more advanced forms of phishing require a more advanced email security solution. To protect against these types of attacks, your email service should have built-in anomalytics. A service that utilizes anomalytics will look at unusual traffic patterns and rewrite embedded URLs to monitor them for in-page exploits and downloads.
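As an added illustration (not code from this article or from any vendor's product), the example below shows the URL rewriting described above: every web link in an HTML message body is pointed at a click-time scanning gateway. Going one step beyond the text, it also flags links whose visible text names a different domain than the real destination, the pattern used by imitation login pages. The gateway address, function names and sample message are assumptions constructed for the example.

```python
import re
from urllib.parse import quote, urlsplit

# Hypothetical click-time scanning gateway (placeholder, not a real service).
GATEWAY = "https://scan.example.invalid/click?u="

ANCHOR = re.compile(r'<a\s+([^>]*?)href="([^"]+)"([^>]*)>(.*?)</a>', re.I | re.S)
# Heuristic: anything shaped like a hostname inside the visible link text.
DOMAIN_IN_TEXT = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

# Constructed sample message body (reserved .example names only).
SAMPLE = (
    '<p>Your file is ready: <a href="http://dropbox.com.files-login.example/signin">'
    "www.dropbox.com/shared/report</a></p>"
    '<p>Policy: <a href="https://www.nist.gov/cyberframework">nist.gov</a></p>'
)

def host(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()

def same_site(a, b):
    """True if one hostname equals the other or is a subdomain of it."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def rewrite_links(html):
    """Return (rewritten_html, findings); findings are (shown, real) host pairs."""
    findings = []

    def repl(m):
        pre, href, post, text = m.groups()
        target = host(href)
        shown = DOMAIN_IN_TEXT.search(re.sub(r"<[^>]+>", "", text))
        if shown and target and not same_site(shown.group(1).lower(), target):
            findings.append((shown.group(1).lower(), target))
        if urlsplit(href).scheme not in ("http", "https"):
            return m.group(0)  # leave mailto:, tel:, etc. untouched
        # The original URL travels percent-encoded so the gateway can check it.
        return f'<a {pre}href="{GATEWAY}{quote(href, safe="")}"{post}>{text}</a>'

    return ANCHOR.sub(repl, html), findings

if __name__ == "__main__":
    body, findings = rewrite_links(SAMPLE)
    print(body)
    for shown, target in findings:
        print(f"MISMATCH: text shows {shown}, link goes to {target}")
```

The text-versus-destination check does not detect pharming, where the URL itself is correct and only the name resolution has been tampered with.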

The Two-Pronged Approach

Implementing an email security service and user awareness training together is a great idea because these two services attack the phishing problem from two different angles: together they limit the number of attacks that reach the users while helping the users spot the attacks that do reach them. The five functions in the NIST framework core are Identify, Protect, Detect, Respond, and Recover. Your email service will fall under the Protect function in this framework.

User awareness training handles Detect and Respond. Although deploying one of these services alone will improve your organization’s defenses against phishing, you should consider the two-pronged approach. If guests at your house complain endlessly about mosquitos in your backyard, you would offer them bug repellant and probably also buy a mosquito trap. Phishing attacks are a lot like mosquitos: even if they don’t give you malaria, they’re still a pain in the neck. To find out more about a two-pronged solution, contact Clearnetwork today.

References

https://www.nist.gov/cyberframework/online-learning/five-functions

https://www.engadget.com/2014/11/08/google-says-the-best-phishing-scams-have-a-45-percent-success-r/

https://www.proofpoint.com/us/threat-reference/phishing

https://go.forrester.com/blogs/phishing-the-simple-attack-that-shreds-the-defenses-of-sensitive-network/

https://www.tripwire.com/state-of-security/security-awareness/6-common-phishing-attacks-and-how-to-protect-against-them/