Phishing Incident Response

Collaborative, Cooperative, and Collective Phishing Incident Response

In order to be effective, phishing incident response needs to be collaborative, cooperative, and collective. The Cofense platform delivers these requirements by combining technology with employee instinct to stop phishing attempts before they become successful phishing attacks.

Back in 2015, our Enterprise Phishing Susceptibility Report demonstrated how behavioral conditioning through phishing simulations could decrease the likelihood of susceptible employees responding to malicious emails by 97.14 percent. The report went on to state that a key factor in mitigating threats from phishing is increasing employee engagement in order to enhance threat detection rates.

Employee engagement is not only key in respect of enhancing threat detection rates, but also when a phishing email avoids detection and is opened and acted upon. In these circumstances, time is a critical factor when it comes to phishing incident response, and mechanisms need to be in place to facilitate the fast reporting, investigation, and response to a phishing email.

The Foundations of an Effective Phishing Incident Response

The foundations of an effective phishing incident response are employees. From office juniors to the C-Suite, these are the people targeted by cybercriminals and into whose email inboxes phishing emails are delivered. Behavioral awareness can reduce employee susceptibility to phishing, but it is also important that a culture exists to encourage a collaborative, cooperative, and collective environment.

Without such an environment in place, employees may be apprehensive about reporting a phishing email they have opened in error – with potentially very serious consequences. It may also be the case that employees fail to alert the Security Operations Center (SOC) to an email they correctly identify as a phish – resulting in the possibility of another employee opening a similar phishing email in error.

The Way Forward is to Recognize and Reward

Without a collaborative, cooperative, and collective environment, it is difficult to monitor phishing activity and the level of threat in order to execute an appropriate phishing incident response. One way to overcome this potential obstacle is to recognize and reward employees who achieve top scores in phishing simulations and who most accurately report suspicious emails to the SOC.

By making the learning process fun, employees are more engaged in the organization´s security. Furthermore, when vulnerabilities are exposed, it helps to alert employees to their susceptibilities in terms of their personal online security rather than the online security of the organization. The best practices they implement to protect their personal property will benefit the organization as well.

How Cofense Helps Make the Learning Process Fun

The Cofense platform consists of a range of services that contribute to an effective phishing incident response. Two of the tools – Cofense PhishMe and Cofense Reporter – can be used to make the learning process fun, improve the behavioral conditioning of employees, and prevent the likelihood of a phishing incident response being required.

Cofense PhishMe

Cofense PhishMe is a phishing simulator best used to periodically send simulated phishing emails to employees. The simulated phishing emails are based on real-world phishing attacks identified by the Cofense Intelligence service, and the service is unique in providing deep metrics, benchmarking, and enhanced analytics to identify employees´ weak points and specific vulnerabilities.

Cofense Reporter

Cofense Reporter (and Cofense Reporter for Mobile) is a plug-in for email toolbars. When the phish icon is clicked, Cofense Reporter sends suspicious emails to the SOC team or into Cofense Triage for fast analysis. Using the Cofense dashboard, SOC teams can quickly and easily identify employees with a history of accurately reporting suspicious emails in order to prioritize investigations.

Beyond Identification and Reporting to Phishing Incident Response

When reports of suspicious emails are received, they often come in rapidly and within a short period of time. The way to avoid overloading the SOC is to use Cofense Triage to filter out non-threatening messages, reduce the “noise” of false positives, and free the SOC team to investigate and identify genuine threats much faster than if they had to investigate every report manually.

Cofense Triage accelerates phishing incident response using industry-leading spam engines, automation, and integration with existing security solutions. When a genuine phish is identified, Cofense Vision enables SOC teams to search across the organization to find and quarantine further incidences of the email while the Cofense Intelligence service provides further information about the nature of the threat.

Find Out More about Mitigating the Threat of Phishing with Cofense

If you would like to know more about mitigating the threat of phishing and effective phishing incident response, do not hesitate to contact us. Our support team will be happy to answer your questions or organize a demo of Cofense in action so you can see how Cofense combines technology with employee instinct to stop phishing attempts before they become successful phishing attacks.