Regular followers of Cofense™ know that phishing threats evolve. For detailed evidence, read the Cofense Malware Review 2018 and see the techniques threat actors employ to keep security teams on their toes.
As attackers evolve, so must the guardians of organisational security. It’s essential that we take the time to review our phishing defence strategies, and ask, “Is it maturing, or is it just getting old?”
When reviewing phishing defence, what does ‘mature’ really mean? No longer can we be satisfied with making our users more ‘aware’ of phishing and assuming that awareness alone reduces our risk. It’s simply not true. At Cofense we’ve long championed the mantra that, for true phishing defence, user awareness isn’t the problem, and simply increasing awareness is surely not the answer. The real problem is twofold:
1. Lack of visibility of real threats bypassing our perimeter controls
2. Our ability to understand these threats and effectively respond
Recently, the Cofense Phishing Defence Center (PDC) released some statistics that highlight the risk. On average, 14% of the emails reported to the Cofense PDC contain some form of malicious content. It’s important to remember that these emails are reported to the PDC by well-conditioned users, after perimeter controls have failed to identify, and prevent, the threat.
Therefore, to understand the maturity of your phishing defence, you need to further review two capabilities we have talked about before: the ability of users to recognise and report phishing threats, and the ability of security teams to take appropriate action when these reports are received. To help you do this, ask yourself, “What is our capability in these areas?”
Rate your organization’s capabilities based on the questions below:
Plot your responses to the above questions in the matrix below. This will enable you to easily understand and communicate your current state and identify ways to improve your anti-phishing program and security capabilities.
For a great example of how a mature phishing defence program really does make an organisation more secure, take a look at a recent post, “Phishing attack shut down in 19 minutes with Cofense Triage™”.