By David Mount, Product Marketing
Back in 2008, CofenseTM (then PhishMe®) pioneered the concept of phishing simulation as a tool to reduce organizational risk to phishing threats. Since then, the phishing threat landscape has evolved at a rapid pace, as evidenced in many of the posts on this blog. Back then, traditional approaches to Security Awareness didn’t (and still don’t) demonstrably and measurably improve security posture, especially relating to phishing threats. And, as we’ve mentioned before (and we highlight in this blog), every threat identified by the Cofense Phishing Defense CenterTM has bypassed the technical controls like Secure Email Gateways that were out in place to protect the end user.
It’s Time to Shift Your Focus
If traditional approaches to phishing defense aren’t working, then what can we do?
Like many areas of cybersecurity, we need to shift our focus. We need to stop believing that the optimal approach is to stop all the bad stuff from breaching our defenses. Rather, we have to accept that stuff is going to get through, so we need greater focus on our ability to detect and respond to the threats that are inside our networks, including the phish lurking inside our user inboxes.
Now, I’m not saying that we ignore our defensive controls – absolutely not. However, we must optimize them. We need to understand the threat landscape to be able to effectively defend and ensure that we’re blocking as much known bad as possible. Consumption of phishing-specific threat intelligence enables us to do this and so much more. By understanding the phishing threat landscape, including current campaigns and emerging trends, we can fine tune our controls and refine awareness programs so that they’re focused on the right threats, at the right time.
But no control is 100% effective, and when technology fails and a phishing threat is delivered to the inbox, the only sensor you have in the environment that can alert you to it is the users themselves – but you must enable and empower them to do this. Here, phishing simulation earns its stripes. Rather than using phishing simulation to ‘test’ your users, use it to keep the risks of phishing front and center and condition them to recognize evolving phishing threats. But don’t stop there. Don’t get hung up on click rates on your simulations. Instead focus on reporting rates – a far more valuable indicator of behavioral change and improvement in defensive posture. When you encourage your users to report in simulations, they’re rehearsing the behavior that’s needed in a real attack situation.
When that attack happens (and it is a when, not an if), security teams need to be able to turn the emails reported by users into actionable intelligence – fast. They need to cut through the noise of spam and other non-malicious emails to find the bad stuff quickly. And when bad is found, the clock is ticking. The longer it takes security teams to take decisive action like searching for all users who have received the threat, and removing it from all inboxes, the greater the chance of significant compromise or data breach.
We’ve Got a Bundled Solution for You
Intelligent phishing defense is a fusion of the human with technology, and it shouldn’t be complicated. We’ve made it easier to for organizations to obtain essential phishing defense capabilities through our solution bundles.
Depending upon your specific needs, choose a bundle from the following flavors:
Awareness, Detection, Defense, Defense with Threat Intelligence, and Managed Phishing Defense. For more information, you can check out our solutions bundles here. You can also review pricing and a breakdown of capabilities included in each bundle.
All third-party trademarks referenced by Cofense whether in logo form, name form or product form, or otherwise, remain the property of their respective holders, and use of these trademarks in no way indicates any relationship between Cofense and the holders of the trademarks. Any observations contained in this blog regarding circumvention of end point protections are based on observations at a point in time based on a specific set of system configurations. Subsequent updates or different configurations may be effective at stopping these or similar threats.