2019 Phishing Defense Resolutions


With more than 90% of breaches attributed to successful phishing campaigns – it’s time to think about how to prepare and prevent attacks in the coming year.

To download all of the Resolutions in PDF format, click the button below!

Resolution #1: Engage and Empower Employees

This year, make it easier for employees to report phishing incidents. Instead of seeing employees  (phishing targets) as problems to be solved, empower them to become part of the solution. Make sure there’s a simple way for employees to report suspicious emails from all of their devices, so your SOC can gather real-time intel and stop attacks faster.

Additional Resources
Communication is essential to your anti-phishing program blog. Read Blog.
The Power of Human Intel to Combat Phishing Podcast. Listen Now.

Resolution #2: Train Employees Beyond Compliance

Often times, measures are taken to “check a box” to meet a compliance requirement. This year make your company more secure and look at the simulation program that you’re running and ensure it is up to date. Go beyond compliance. As an added bonus, you should rely more on active threat email templates to better prepare your organization to spot the types of emails the threat actors are using.

Additional Resources
Awareness Resources. View Now.
“Left of Breach” eBook. Download Now.

Resolution #3: Align Your SOC & Awareness Teams

Make a resolution to get to align your Security Awareness and SOC / incident responders teams. It’s important to have an open dialogue with your SOC team to find out what types of emails are making their way through our perimeter defenses and landing in the end-user’s inboxes. We’re all going in 100 different directions, but it’s important to meet with them at least once a quarter to stay up date – set up a quarterly meeting.

Additional Resource
Incident Response Resource Center. View Now.

Resolution #4: Communicate. Communicate. Communicate!

Don’t just send them simulations, engage with your users. This year, you should use newsletters to supplement your scheduled scenarios and help inform end-users about different security topics they need to know about. Newsletters that are simple and focused on one topic allow users to be more educated about potential threats to your organization or in the wild.

Additional Resource
Learn best practices to fight evolving email-related threats. Download Whitepaper.

Resolution #5: Sharing is Caring When it Comes to IOCs

Threat actors are constantly changing their game. When your users report phishing you may be the first to find these new Indicators of Compromise (IOCs) and you should share it with the community – so that everyone can fight the bad guys together! By sharing IOCs, discovered through samples ingested by human-reported intel, the rest of the incident response community can by 1) aware of the specific indications of compromise indicative to those unique attacks the customer is raising awareness for and 2) for the community to take action using those IOCs to fortify their own environments against similar attack patterns.

Additional Resource
Cofense Triage. Learn More.

Resolution #6: Build Connects!

APIs are the best and you should use as many as you can to knit your Incident Response solutions together to hunt for badness in your environment. APIs can quickly integrate and connect disparate security solutions to work cohesively together by passing information and commands among different solutions, so that the customers can 1) quickly orchestrate responses as necessary and ensure their disparate solutions work in concert and 2) increase ROI on those solutions by ensuring they “play nicely” with other security solutions.

Additional Resource
Incident Response Resource Center. Learn More.

Resolution #7: Trust but Verify

Make your phishing response more efficient, “Trust but Verify” still matters when you automate away noisy alerts that still need some human intuition. You should also set a schedule to review, assess and add more security – it’s easy to just let automation run on its own but don’t forget it does need to managed.

Additional Resource
Incident Response Resource Center. Learn More.

Resolution #8: Automate (where appropriate!)

Reduce your mundane incident response process steps by automating where you can. If you have automation in place – this year make it a point to minimize false positives. Automating your incident response is a solution to reduce errors and remove false positives – and it should make your job easier! Mitigating a phishing attack in progress can involve a lot of steps. The key to getting ahead of these threats is anticipating them. Automation allows your smart people to do smart things (and keeps them happy)!

Additional Resource
6 Keys to Faster Phishing Mitigation: Learn More.

Resolution #9: Know Your Enemy!

This is the YEAR to ensure that you’ve made best use of Threat Intelligence feeds by integrating the IOCs in your downstream controls. When you are under fire, you need to understand the nature of the attack as well as how to quickly and proactively defend yourself. The faster your team can be armed with critical knowledge about an attack, the faster they can minimize the threat.

Additional Resource
Free Threat Alerts: Sign Up Now.

Resolution #10: Love Your Coworkers!

Users are People – people have jobs that do important stuff – that I don’t know how to do – and I’m going to be patient with them because they don’t know how to do my job! As we move into 2019 we need to be kind and patient with one another because in the end it’s all that really counts. Embrace your workforce and help them understand they are a target! Happy hunting everyone!

Additional Resource
Phishing is a team sport video: Watch Now.

Request a Demo

Top 5 Reasons Why Companies Choose Cofense

More Companies Trust Cofense: Cofense has over 1,000 customers worldwide, including over half of the Fortune 100.

Global Customer Support: Cofense is the only enterprise-grade phishing threat management solution fully staffed across the globe, supporting customers in more than 50 countries.

World Class Phishing Research: Our dedicated research and intelligence teams continuously discover indicators of phishing in the wild, delivering the most authentic and deepest spear phishing simulation and incident response resources available.

Discovers Real-Time Phishing Threats: While other solutions rely on simple machine learning to predict risks, Cofense leverages human intelligence to detect and respond to actual phishing threats bypassing your organization’s security layers in real time, drastically reducing threat susceptibility.

Rooted in Security, Founded by Experts: Cofense’s founders and executive leaders are well seasoned security professionals with more than 80 years combined experience in the cybersecurity and threat management landscape, delivering tremendous value through decades of experience.