Phishing attacks are one of the main security challenges faced by IT and InfoSec teams around the world. Sophisticated social engineering attacks that attempt to trick users into giving up financial information are becoming more and more common, meaning IT and InfoSec teams are having to step up their defenses.
However, traditional email security approaches are struggling to cope with the problem of phishing. Modern attackers are highly intelligent, developing and using advanced phishing attacks that they’ve designed to slip through the gaps in legacy email security systems.
In a world where the cost of a data breach keeps rising, not just in monetary loss but also in damage to your company’s reputation, stopping phishing has to be a high priority for any security team.
To find out more about how organizations can build an intelligent phishing security stack, we spoke to Tonia Dudley, Security Solutions Advisor at Cofense. Cofense is one of the top vendors focused on stopping phishing attacks, using a combination of simulated phishing awareness training, crowdsourced intelligence and automated response.
We talked through the risks that phishing attacks pose to businesses, how organizations can approach the task of stopping phishing attacks, and what we can expect from the future of the email threat landscape.
Why Phishing Is More Dangerous Than Ever
Phishing attacks are continuing to grow more widespread because they are highly effective. Attackers are finding that, by creating refined phishing campaigns, they can evade traditional email security controls and deliver threats directly to users.
These attacks are growing more sophisticated, Dudley says. Attackers commonly spend a lot of time researching their targets to create more realistic phishing emails that are harder to spot.
If they can gain access to Office 365 accounts, for example, attackers will analyze email chains to make their phishing emails seem more genuine. This makes it very difficult for both email security technologies and people to be able to successfully identify phishing attacks.
During the rapid shift to remote working caused by the coronavirus pandemic, phishing has become an even greater risk for businesses. Research from Cofense has identified a “surge” in coronavirus-themed phishing scams that exploit the pandemic to trick users into making fraudulent payments.
“Attackers didn’t come up with new phishing kits,” Dudley says. “Instead, many of the threat actors we are monitoring adapted the Covid pandemic into their phishing attacks.”
The attackers “stepped up their game,” with the ultimate aim of using the crisis to trick more users. The more relevant a phishing email is to what’s happening in the news and in the world, the more likely users will interact with it, Dudley says.
Why We Need A New Form Of Phishing Defense
To protect against these advanced phishing attacks, Dudley says organizations need to build a new form of phishing defense that doesn’t rely solely on technologies like secure email gateways. Instead, she argues that phishing defenses need to focus as much on changing user behaviour as on stopping phishing emails from being delivered.
Cofense was founded around a distinctive method of tackling phishing. Cofense’s co-founders, Rohyt Belani and Aaron Higbee, originally worked in penetration testing, helping organizations test their network defenses with simulated cyber-attacks.
They realized that taking a similar approach to the problem of phishing could help to protect organizations and their users from sophisticated social engineering attacks. They built a platform that allows InfoSec teams to design realistic simulated phishing emails, which they could send to train users to detect and report real phishing attacks.
“They saw that when you’re simulating a phishing attack in the environment where they’re actually going to receive that message, it’s much more effective [at changing user behaviours and preventing successful phishing attacks]”, Dudley says.
Automated Phishing Remediation
Cofense has been named by Gartner as one of the top vendors in the security awareness and computer-based training market, which Dudley says comes down to their laser focus on tackling the problem of phishing in particular.
One of their key features to help protect against phishing attacks is a ‘Report Phishing’ button, which allows users to report phishing emails directly inside their inbox. “The goal is ultimately to get users to report the phish, instead of interacting with the email or just deleting the email. When these potential threats are sent to the InfoSec team, they get visibility they wouldn’t otherwise know was in their environment,” Dudley says.
Alongside this button is their Triage platform, which provides automated analysis and remediation of emails reported by end users, helping IT teams deal with the vast number of suspected phishing emails they receive.
“We’re up to 24 million buttons deployed across the world,” Dudley says. “Amplify that across an organization that has 100,000 users, that sometimes use it as their email delete button and they are overwhelmed.”
Triage solves this problem by tagging the malicious messages so that InfoSec teams can prioritize, analyze and process the reported phishing threats quickly. Then, with Cofense Vision, they can quickly quarantine any emails that are genuinely malicious. This takes the burden of responding to reported phishing emails off the security team and provides faster phishing response.
The Importance Of Multi-Layered Protection In The Fight Against Phishing Attacks
Gartner’s market guide for email security recommends that organizations take a multi-layered approach to threat protection, implementing multiple security layers in order to build a continuous and adaptive security stack.
Dudley agrees that businesses should “absolutely” be thinking about implementing multiple layers of protection to prevent phishing attacks. Organizations rely on email for so many processes that businesses need to do all they can to mitigate email threats, she says, including implementing a multi-layered security approach.
Using Cofense alongside traditional email gateway technologies can help organizations to achieve much greater protection against phishing emails. “Even though we have our secure email gateway database that shows customers how many phishing attacks make it past the gateway, we absolutely say that you should still have that gateway,” Dudley says.
“No one technology is ever going to be 100% effective,” she adds, but each additional security layer contributes to the organization’s protection against phishing attacks. “Having those different layers where you can add in different protections is going to help organizations reduce their overall risk.”
Best Practices To Protect Against Phishing
Dudley’s advice for organizations struggling to deal with the problem of phishing attacks is to start with phishing simulation training. “We see too many organizations get caught up on the metrics, instead of what they’re really trying to do with their phishing training program, which is to help your end users change their behavior and understand what the phishing threat is,” she says.
“At the end of the day, it comes down to investing in your human intelligence within your organization to leverage them to help you when it comes to identifying and mitigating against phishing attacks.”
Thanks to Tonia Dudley for participating in this interview. You can discover more about Cofense and their phishing defense solution here.