In Part 1, we explored the uncomfortable truth that no matter how good your perimeter controls, malicious emails still reach the inbox. While security technologies do a great job of telling us about the attacks they have stopped, they do a poor job of telling us about the threats they have let through. This segues nicely into:
Uncomfortable Truth #2: You cannot defend against attacks you cannot see.
Visibility is a core tenet of any security operations center. Afterall, if a SOC has no visibility of an attack, they cannot mitigate it. As the threat landscape evolves, organizations deploy more and more layers of technology – panacea-promising point products aimed at the threat du jour. Sometimes these products generate so much noise they create a fog that obscures the threat. Sometimes they just don’t realize it’s there at all.
If some of the controls we have in place to protect us from phishing threats are failing to deliver on their promises, what next? I’m certainly not advocating that we rip out our secure email gateways and ditch them into the dumpster of derision. As I said in part 1, they do a good job of stopping known threats and patterns, and I for one am grateful for them stopping unwanted and unsolicited spam reaching my inbox.
Yet I’ve had many conversations with people who are placing blind faith in the promises of technical controls to keep them safe from phishing. While such enthusiasm is admirable, in this context it’s misplaced. The scale and sheer pace of evolution within the phishing threat landscape means that like any other control, it’s not going to be 100% effective. Bad stuff will get through, right under your noses.
Therefore, we have to remember that when technology fails, the only sensor that can give us visibility of attacks that have bypassed perimeter controls is the recipient themselves. Yet visibility of an attack is more than merely getting a report of a suspicious email from an end user. In future posts, we’ll look at this in more detail, and discuss enabling and empowering users to report suspicious emails, along with the capabilities needed to get visibility of phishing attacks.
Next up: Uncomfortable Truth #3 – The best security awareness program in the world will NEVER deliver a zero click rate. Until then, learn more about the expertise of Cofense™ Phishing Defense Center.
All third-party trademarks referenced by Cofense whether in logo form, name form or product form, or otherwise, remain the property of their respective holders, and use of these trademarks in no way indicates any relationship between Cofense and the holders of the trademarks.
