With a growing available attack surface and plenty of resources available via the dark web, today’s phishing threat actors seem to hold all the cards. Network security teams have to employ numerous security protocols, while juggling the human element and their myriad of applications and devices in play. In a recent blog post, we shared the first five of ten new approaches to help organizations improve their phishing security. These approaches were part of an Osterman Research white paper we commissioned that explored today’s threat landscape and how organizations can leverage new methods to address phishing, business email compromise (BEC), account takeovers, and other related security threats.
Here are the remaining five new approaches that can help improve phishing security.
- Focus on the endpoint
The endpoint is one of the most challenging and serious threat vectors facing security decision makers. Conventional malware is ongoing, but now has been joined by advanced threats that can hide in plain sight until triggered, cover their tracks, or attempt to slip in undetected through social engineering tricks or rogue and/or vulnerable applications. Also, as more network traffic becomes encrypted with SSL and TLS 1.3, network-based security solutions will lose visibility and effectiveness. Endpoint security will become more important, not less. And, as endpoints are increasingly mobile and use outside-of-network-perimeter protections, endpoint security solutions become a primary defense. Moreover, it’s not just about protecting the endpoints from malware with antivirus solutions. It’s also about protecting endpoint users from phishing, both inside and outside perimeter defenses, with stronger anti-phishing technology and protections on the endpoint.
Many organizations are implementing endpoint detection and response (EDR) solutions to address some of the shortcomings in their current security infrastructure. EDR provides continuous monitoring of the wide range of endpoints on or off corporate networks, which enables security staffers to monitor not only malicious attacks from external sources, such as advanced persistent threats (APTs) that might result in data breaches; but also to keep tabs on anomalous activity from inside the organization, such as crypto mining or data theft from departing employees.
- Focus on faster triage and remediation
Osterman Research found that the triage and remediation of security incidents is simply not adequate. As example, only 59 percent of internal threats are triaged in less than a day, and 12 percent take four or more days. Also, only 39 percent remediate threats in less than a day, while 17 of remediation activities take four or more days.
The use of automation and artificial intelligence/machine learning will take on a much more important role. Also key will be the use of good threat intelligence that can enable threat hunters and security personnel to better understand the significance of alerts and anomalous behavior, to provide more context around these events, and to better understand how alerts and suspicious behavior fit into patterns.
- Create communication backchannels
One of the best ways to thwart a BEC attack is by enabling out-of-band communications between the supposed sender and the recipient of the request. For example, if a CFO receives an email request from the CEO for a quick wire transfer, or a low-level staffer receives an email request from the VP of Human Resources to send all of the company’s W-2 information, all that’s usually needed to verify the validity of the request is a phone call or text message. There have been numerous examples in which something simple like this wasn’t done, and some companies have lost millions of dollars as a result. We’ve highlighted similar attacks that target HR departments in a previous blog post.
- Take a Security Orchestration, Automation and Response (SOAR) approach to security
Many organizations have a variety of disparate security solutions but have not integrated them adequately to take a more holistic view of security. The use of SOAR can provide this needed integration by a) integrating the various security processes and tools necessary to address a security incident, b) automating the management of various tasks inside of and between different security solutions that otherwise would be managed using manual processes, and c) enabling more rapid response to security threats than would otherwise be possible using traditional, manual processes.
- Secure your cloud accounts
With the growth of cloud apps, cyber criminals are compromising cloud accounts to launch phishing, BEC and malware-based attacks. Once they compromise a corporate-approved cloud app, they use legitimate accounts to send phishing emails and BEC emails inside and outside an organization.
To address this problem, organizations must secure their cloud accounts. They’ll need granular visibility into cloud usage and detection capabilities that can identify risky files in their cloud apps, and spot suspicious logins or activity. Analytics will be important to establish a baseline of user behavior and detect anomalies for investigation.
Our Real-Time Phishing Threat Intelligence and Targeted Phishing Defense solutions that can see beyond a legitimate website to identify malicious threats that might lie in wait. Start a free 15-day trial of Real-Time Phishing Threat Intelligence or contact us for a demo of our Targeted Phishing Defense to see how you can protect your organization.