Part 1 in our series on being “Left of Breach” in the Phishing Kill Chain.
Too often in the information/cyber security industry, we focus our efforts on mitigation of breaches after they occur, relying on incident response teams to find the needles in the haystack.
According to “Left of Bang: How the Marine Corps’ Combat Hunter Program Can Save Your Life,” (by Patrick Van Horne and Jason A. Riley; Foreword by Steven Pressfield) The Marine’s Combat Hunter training program works on this premise: by understanding what “normal” looks like, we are much more likely to recognize activities and behaviors that are out of place. That recognition, even if based on “gut feel,” becomes the trigger for acting. This approach relies heavily on front-line human assets, not just automation or artificial intelligence, to detect attacks in progress. Most important, it lets you get in front of breaches before they blow up in your face.
Get “Left of Breach.”
In the Marine’s case, it’s acting to get “Left of Bang,” as in bombs and bullets. In anti-phishing programs, it’s getting Left of Breach—taking proactive steps instead of accepting that hackers and other malicious actors will succeed no matter what. In the figure below, it’s everything left of the bullseye.
With a few modifications, the standard security industry kill chain can resemble the Marine Combat Hunter approach.
As you can see in the Phishing Kill Chain above, we focus on baselining an organization and developing human threat reporters throughout the first four steps. This provides 2 things: a starting point for risk analysis and development of targeted simulations (Enumeration, Design, Delivery); and the development of HUMINT (human intelligence), data collection and reporting of suspicious material to incident response teams.
As your anti-phishing program matures, you’ll combine the data your employees report with human-vetted phishing intelligence feeds in Triage. The net: actionable intelligence enabling you to mitigate threats before they happen.
5 steps to getting there:
- Be transparent and educate users on standard phishing clues and the purpose of the program.
- NOTE: Program transparency is key to your success. It builds enthusiasm for the program and a sense of ownership and positive engagement with the organization’s security process.
- Baseline your organization’s technical and business process weaknesses for targeting during initial simulations.
- Execute diverse simulations and analyze for risk level (e.g. – high susceptibility to active threats)
- Design follow-up simulations based on known deficiencies and analysis of initial results.
- Stress the importance of reporting in all simulations and awareness activities.
Taking these simple steps is the quickest, most effective way to protect against phishing. Ready to get Left of Breach? Booyah!
Next: part 2 of our “Left of Breach” series examines the first step in the Phishing Kill Chain, Self-Enumeration.
Stay on top of recent phishing and malware threats and attacks trends, delivered straight to your inbox completely free. Subscribe to PhishMe® Threat Alerts today.