Last week, in part 3 of our 4 part series, we asked you, as an IT professional, to evaluate if your users are careless or curious when clicking on random emails. Do they filter their Inbox and take caution when engaging with emails they receive, especially when it solicits a response from them? Do they report suspicious emails to you for manual processing and intervention? How much time do you spend dealing with email incident response and do you have access to the latest threat intelligence to make a sound decision?
This week, we wrap up with some ideas for helping you build a stronger defense in combatting Phishing attacks. What additional layers of security can be easily added? How can you empower your employees to be part of the solution and not the problem in protecting against a data breach resulting from a Phishing attack?
Training is good as long as it doesn’t create more work for IT staff.
Businesses can work with 3rd party vendors to provide their employees security awareness training. In fact, in a recent EdgeWave survey of webinar participants, 60% of respondents reported they provide training for their employees. Businesses who do this value their employees and understand the role they play in keeping the network safe. It’s an investment of sorts because they are ensuring employees have the latest information needed to combat cybersecurity threats. Training typically includes simulated Phishing tests to send fake Phishing emails to the staff and report back on who opens and clicks in the email. IT can run periodic training as a way to gauge the organization’s awareness and readiness to deal with Phishing attempts. Over time, they can compare response percentages to see if the organization is improving. If not, they can provide training reinforcement and repeat the testing. Training provides a baseline for educating and encouraging employee behavior; hopefully this knowledge is retained and drawn upon at just the right moments. IT staff want their employees to be aware of possible Phishing attempts and know how to respond in real-time, when it’s a real threat and not just a simulation test.
So training is good because it teaches and enforces “best practice” but with that comes potentially more work for the IT department – not just with rolling out and monitoring the training program, but in other related and probably unanticipated tasks. One EdgeWave customer reported that after they implemented security training – teaching the staff to be aware of Phishing attempts – the volume of helpdesk calls went up. Employees wanted to know “should I open this email?” or “can I click on this?” Training is good because it simulates real-world scenarios, but this shouldn’t create more work for IT nor should it be a substitute for actual, real-time threat analysis.
A new security layer to stop Phishing at the endpoint. End-user Anti-Phishing tools save IT time.
In the same EdgeWave survey of webinar participants, 44% of respondents reported seeing Phishing emails in their network at least once a week but 56% reported that they did NOT have an IT policy to specifically deal with Phishing emails. This highlights the need to address this with employees before one of them falls victim.
Complimentary to other security measures and useful when bad emails evade existing layers of protection, EdgeWave’s newest solution, ThreatCheck can help close the Phishing gap and stop threats at the endpoint. ThreatCheck is an automated email incident response service that allows employees to seamlessly report suspicious emails for threat investigation with the click of a button in Outlook (Outlook 2010 or newer). It works to shrink attacker dwell times and prevent email-borne malware from gaining a foothold in your network to steal your credentials or your sensitive data.
Combining automated machine learning and human analysis to investigate and respond to phishing attacks in real-time, ThreatCheck delivers a hybrid approach to anti-Phishing solutions. ThreatCheck increases employees’ security awareness and eliminates uncertainty because within minutes, a response by human agents – cybersecurity professionals in EdgeWave’s Hybrid Threat Detection Center – is delivered back to the end user, closing the loop every time, giving them disposition of the investigation by return email, and addressing their concerns in near real-time. ThreatCheck also relieves IT staff from the burden and complexity of directly managing the incident response yet it’s centralized alerting and reporting provide the oversight to monitor general status as well as drill-down capabilities if further inquiry is needed for specific emails submitted. ThreatCheck does the heavy lifting for you, gives your employees a “2nd opinion” if an email is safe or not, and doesn’t tie up IT staff time in doing it.
A current EdgeWave customer, a mid-sized logistics company in Salt Lake City, Utah summed it up in the following manner. “Delivering an immediate, on-demand threat analysis to every end user is simply impossible. With ThreatCheck, we have a powerful line of defense to ward off the costly damage of malicious emails. It’s clear that this is an indispensable element of any effective security strategy.”
The sophistication of Phishing will continue to evolve. Machine learning sets a baseline for identifying patterns and trends, but human analysis brings the sanity check into play — hackers are clever so a human response is a critical component to counter that. ThreatCheck is poised to address these new threats when other layers may not be and supports the “Stop.Think.Connect1.” slogan that resonates loudly every October during National Cyber Security Awareness Month.
There are links to additional free resources below that can help you learn more about Phishing and you can also check out EdgeWave Anti-Phishing Solutions: https://www.edgewave.com/solutions/phishing/
National Cyber Security Alliance (NCSA): https://staysafeonline.org/
STOP. THINK. CONNECT.™ is the global online safety awareness campaign to help all digital citizens stay safer and more secure online: https://www.stopthinkconnect.org/
Department of Homeland Security Cybersecurity Toolkits: https://www.dhs.gov/stopthinkconnect-toolkit#
Report Phishing: https://www.antiphishing.org/report-phishing/overview/
1 – Stop.Think.Connect: https://www.dhs.gov/stopthinkconnect