There is no easy solution to how to stop phishing breaches. Phishing has been the number one attack vector for half a dozen years and everyone – every business – is a target. Organizations of all sizes experience frequent, sometimes sophisticated, sometimes simple phishing attacks and it’s unrealistic to expect IT and security teams to fight that battle alone using just the technology they were able to budget. Since people or humans are the ones being targeted, shouldn’t it hold true that they also hold the key to a successful defense?
Rather than being seen as a weak link, can humans serve as the strongest, last line of defense before attackers gain access to corporate systems?
How to Stop Phishing Breaches with Human Intervention
When attackers gain access to corporate systems, they have access to vital information such as intellectual property, and in some cases money. There are numerous ‘definitions’ of phishing, but ultimately it is any type of email-based attack that has the intention of luring recipients to respond in a certain way. The attacker might aim to have the recipient click on a link that takes them to a compromised website, open a malware-infested attachment, or divulging valuable information such as user credentials. And these emails are sent to people – not machines.
Often, phishing emails are carefully crafted and targeted to specific recipients and given the number and intensity of data breaches witnessed over the last several years, there’s a wealth of information available to phishers to make it convincing.
While the sophistication of these social engineering attacks can make them tricky to block, there are common characteristics and indicators of phishing emails that can help everyone better recognize and report possible attacks before sensitive information is compromised or money is stolen. However, being told how to find a phish is very different than experiencing a phish.
How Simulation Can Help Stop Phishing Breaches
Despite being one of the most effective ways how to stop phishing breaches, most organizations would just as soon skip testing its workforce with simulation because security forces them to think about unpleasant situations. But it is possible to really engage users by simulating real-life experiences that drive the point home. Just as airline pilots train in flight simulators, computer users can learn by experiencing a simulated phishing attack in a controlled environment.
Sending a simulated phishing email into users’ inboxes at irregular intervals teaches a workforce to become vigilant and spot suspicious emails. Whether they fall for the simulated phishing email, or identify it as a threat and report it to security personnel, the experience will serve as a much better reminder to stay vigilant than sitting through a security lecture.
As time goes on – and the simulation process is repeated – users will be become more aware of the threats presented by phishing emails, and what action to take when they identify a risk. With simulation, a workforce learns how to stop phishing breaches, thus mitigating the risk of a successful attack.
When Something is Seen, Say Something
Knowing how to identifying a phishing email is the first stage of educating a workforce in order to stop phishing breaches. However, the likelihood exists that if one member of the workforce is being targeted with phishing emails, other members will be as well. Organizations need to encourage their workforce to report suspicious emails, even when a link has been clicked or an attachment opened.
Saying something alerts security personnel, who can then take action to mitigate the threat. Creating vigilance in a workforce is the best way to stop phishing breaches via email as it is the most commonly-employed attack vector. By engaging a workforce as an internal sensor, security personnel receive information they would have not received until it was too late.
An issue arising from a “say something” policy is that security personnel are overloaded with reports of suspicious emails. Being able to respond quickly to these alarms and research threat levels is critical to stop phishing breaches or lessen the chance of a breach from a phishing email. Security teams should therefore monitor who within the workforce is more proficient at spotting phishing emails and prioritize action accordingly.
Phishing Defense – From the Inbox to the Security Operations Center
Being able to sort, respond and research reports of suspicious emails quickly is critical to stop phishing breaches. End-to-end phishing mitigation a critical feature of any security program’s risk management strategy and knowing how to stop phishing breaches by educating a workforce is the best way of keeping an organizations safe.
Cofense is evidence that this security process works. Cofense has conditioned our workforce to identify and report suspicious emails. By analyzing potential phishing threats emails quickly, Cofense has been able to discover and publish threats to organizations in advance of other threat intelligence agencies. Recently Cofense uncovered the Dyre malware Trojan ten days ahead of the next leading threat intelligence agency.
Even with record investment, the number of breaches attributed to phishing attacks continues to grow. Technology alone cannot solve the problem. This is why Cofense´s solution to stop phishing breaches focuses on human intervention – your last line of defense when a phishing email evades detection by technology.