In this week's webcast, Lital Asher-Dotan and ckirsch tackled the hot topic, “Live Bait: How to Prevent, Detect, and Respond to Phishing Emails”. Phishing has risen from #9 to #3 in the Verizon Data Breach Investigations Report's ranking of the most common attack vectors. Phishing attacks are often successful because it only takes an error on the part of one user to compromise an entire organization. Read on to learn what security professionals should focus on to prevent, detect, and respond to phishing attacks effectively:
- Phishing = Low Risk & Great ROI for attackers – Phishing is cheap & effective. Compared to Wi-Fi hacking where attackers must be in close proximity to the target, phishing allows them to infiltrate an organization from anywhere in the world. Plus, phishing costs virtually nothing compared to using something like 0-day exploits. Assets are generally better protected than users, so users are a soft spot, and the success rate of these attacks is high. It only takes one mistake from one person to succeed.
- Use every resource at your disposal to prevent phishing attacks (technology AND training) – Identify and remediate client-side vulnerabilities to figure out what controls you should have in place as a baseline, and simulate social engineering campaigns to measure user awareness on the issue. The goal of these campaigns should be to educate the user rather than punish them for falling for a simulated phishing attack. Emphasizing how susceptibility to these attacks will affect the security of personal data on top of company data always helps.
- It's not a question of if you'll be attacked but when you'll be attacked – It is not possible to prevent all phishing campaigns. Even the best educated users will have a slip-up, especially since spear phishing attempts are extremely sophisticated and targeted. Compromising one user account through phishing is just the first foothold for an attacker to infiltrate an entire network.
- Detection & Investigation must be a constant, proactive process – Security teams should know where to look to detect a breach. You must be able to reduce distracting false positives and shorten time to containment as much as possible. Monitor for abnormal user activity (administrator and executive accounts are common targets) such as escalation of privileges, data exfiltration, and logging in from remote or multiple locations at once.
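
As an added example (not from the webcast or its presenters), the "logging in from multiple locations at once" check in the last point can be run over authentication events like this. The log format, the 15-minute window and the privileged-account list are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample authentication events (not real data):
# ISO timestamp, account, source location, outcome.
SAMPLE_LOG = """\
2024-03-04T08:01:12 alice NL success
2024-03-04T08:03:40 cfo US success
2024-03-04T08:05:02 bob US failure
2024-03-04T08:09:55 cfo RO success
2024-03-04T08:30:00 alice NL success
2024-03-04T09:45:10 admin-jane US success
2024-03-04T09:47:31 admin-jane BR success
2024-03-04T13:00:00 bob DE success
2024-03-04T21:00:00 bob US success
"""

# Hypothetical watch list; the page names administrator and executive accounts.
PRIVILEGED = {"cfo", "admin-jane"}
WINDOW = timedelta(minutes=15)  # assumed threshold for "at once"

def parse(log_text):
    """Yield (time, user, location) for successful logins only."""
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[3] != "success":
            continue  # skip malformed lines and failed attempts
        yield datetime.fromisoformat(fields[0]), fields[1], fields[2]

def concurrent_location_alerts(log_text, window=WINDOW):
    """Return alerts for accounts seen in two locations within `window`."""
    recent = {}   # user -> list of (time, location) still inside the window
    alerts = []
    for ts, user, loc in sorted(parse(log_text)):
        kept = [(t, l) for t, l in recent.get(user, []) if ts - t <= window]
        for t, l in kept:
            if l != loc:
                alerts.append({"user": user, "locations": (l, loc),
                               "gap_seconds": int((ts - t).total_seconds()),
                               "privileged": user in PRIVILEGED})
        recent[user] = kept + [(ts, loc)]
    # Triage order: privileged accounts first, then the shortest gap.
    return sorted(alerts, key=lambda a: (not a["privileged"], a["gap_seconds"]))

if __name__ == "__main__":
    for alert in concurrent_location_alerts(SAMPLE_LOG):
        print(alert)
```

Sorting privileged accounts to the top and ignoring repeat logins from the same location keeps the alert list short, which is the false-positive reduction the point above asks for.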
To learn more about the techniques and technologies that will help you every step of the way during prevention, detection, and investigation of inevitable phishing attacks on your organization, view the webcast now.