Despite being a tactic that pre-dates the internet, and recalls the days of scams surrounding depositing large amounts of money in your bank account, phishing remains a major problem of online security. In fact, research by Ironscales shows that it accounts for up to 95% of successful cyber-attacks worldwide.
Phishing also accounts for the main delivery of malware, including ransomware, and business email companies. Reportedly, both Facebook and Google fell victim to these attacks in 2017, with the attacker making $100m from the scam.
Surely there must be a way to prevent phishing attacks, and enable employees to spot and delete such malicious messages? Infosecurity spoke to three anti-phishing vendors: Ironscales, Cofense (formerly PhishMe) and KnowBe4 to get the best advice on how to avoid becoming a victim.
01 - Leverage Awareness Training, & Include Simulated Phishing Tests
Using these tactics can help teach your users how to spot and report attempted phishing attacks.
Source: KnowBe4
02 - Understand the Dynamics of Different Attacks
Understanding the different types of phishing scams will better prepare victims for the most targeted of attacks.
Source: Cofense
03 - Move Detection to the Mailbox
Organizations focus on the gateway, utilizing content filtering and signatures, allowing far too many malicious emails to slip past.
Source: Ironscales
04 - User Behavior Analysis and Mailbox Profiling
This type of profiling is crucial to ensure the detection and prevention of hyper-targeted phishing emails.
Source: Ironscales
05 - Use Multi-Factor Authentication
Enforce multi-factor authentication on users who handle the most sensitive information to help prohibit credential theft.
Source: KnowBe4
06 - Forensics, Response & Behavior Analysis
Combining behavioral analysis, mailbox profiling, automated forensics and response creates a multi-layered and holistic approach.
Source: Ironscales
07 - Share Threat Intelligence
Harnessing verified email phishing intelligence and event information can help organizations proactively defend their network gateways and endpoints.
Source: Ironscales
08 – Encourage Reporting of Suspicious Emails
Higher reporting rates equate to higher resiliency rates, and encourage employees to spot phishing messages.
Source: Cofense
09 - Use Secure Email & Web Gateways
Configure these to do URL filtering and block the most common malicious domains.
Source: KnowBe4
10 - Use Anti-Virus Software
Signatures will be updated regularly if you keep your software up-to-date.
Source: KnowBe4