Part 1 of 2
As seen in Cofense’sTM 2019 Phishing Threat & Malware Review, threat actors innovate relentlessly. Technologies like secure email gateways (SEGs) can’t keep up. In fact, the vast majority of phishing emails verified by the Cofense Phishing Defense CenterTM are found in environments using SEGs.
With so many malicious emails making it past security controls, the human factor becomes decisive. This means your phishing awareness program needs to stay in fighting trim. In particular, it’s important to educate users on attacks that breach your perimeter, working with your SOC to focus on the most frequent threats.
If your program has been up and running for a few years, it may be time to rethink what you’re doing. Let’s start by looking at your threat profile and your program’s approach to communications.
Rethinking Your Threat Profile
If you conducted a risk profile in the past, consider revisiting your findings to see if they reflect both your internal environment and external threats. If your business has never done a risk profile, you should probably set a cadence to review your company’s risks.
Threat actors look at a lot of factors before targeting an attack, so your phishing awareness program should do the same. Privileged access users and high-risk business functions, geography, technical environment, adherence to compliance standards, and corporate communications and email style can all be used to launch a phishing attack.
One smart way to identify risks: review all Software as a Service (SaaS) applications. Because these applications use email to send, receive, and log communications, threat actors can easily leverage them to design attacks. Cofense CloudSeekerTM is a free tool that can help. It allows you to report on SaaS applications configured in your environment, including any provisioned without IT’s knowledge. CloudSeeker starts with a catalog of popular SaaS applications and checks each to see if a domain has been configured for use.
If your organization uses any well-known hosted services, remind your staff of the dangers of credential phishing and spoofed websites. Credential simulations are a good idea. You might also use newsletters or announcements to spread the good word. Speaking of which…
Rethinking Your Communications Approach
One of the keys to a successful phishing awareness program is a communications plan. You need to communicate regularly, including before and after each simulation.
Cofense PhishMeTM offers content to help you communicate better. You can use it to remind employees why they’re receiving email training in the first place, plus arm them with the information they need to be successful.
You can use a newsletter, for example, to educate employees on phishing emails that spoof brands like LinkedIn. For legal reasons, you shouldn’t spoof a brand in a simulation, but a newsletter post can warn users that some branded emails are fakes.
Also, embrace the power of “Thank you!” When users report an email and get an immediate response with a thanks, they’re more likely to report again. Users want to know what happens after they act. They also want to know what next steps, if any, they should take. Should they process that invoice? Can they post that purchase order or send it on for signature? Don’t keep them in the dark—communicate and pass out kudos.
In part 2 of this blog, we’ll look at rethinking your simulations. How can you make sure they’re helping to guard against real threats? Stay tuned.
All third-party trademarks referenced by Cofense whether in logo form, name form or product form, or otherwise, remain the property of their respective holders, and use of these trademarks in no way indicates any relationship between Cofense and the holders of the trademarks. Any observations contained in this blog regarding circumvention of end point protections are based on observations at a point in time based on a specific set of system configurations. Subsequent updates or different configurations may be effective at stopping these or similar threats.
