We often talk about running phishing simulation campaigns as a way of training our teams on what phishing emails look like. Given that 92% of breaches have a threat actor using phishing as a technique, it’s undoubtedly important to educate your organization—and even more so—enable users to report suspicious emails so that you can review them.
As a security professional, you might be wondering, why don’t employees report these emails to begin with? Some common excuses include: “What if I’m wrong?”, “what if I’m right?”, and “what if the process is too time consuming?” To combat this, the need is clear: Make reporting a suspicious email as easy as possible. The good news? With an email plugin button, it’s as simple as one click for users to get suspicious emails into your review queue. This is a great step towards protecting your organization from phishing attacks.
With Rapid7 InsightPhish, an organization can run phishing awareness campaigns through simulation, set up a review queue, and make it easy for users to report suspicious emails with the click of a button. This button is simple to deploy, and equips users with an accessible way to report suspicious emails.
When a user clicks the “Report Phishing” button, the suspicious email is sent to InsightPhish so an analyst can review and analyze the suspicious email, and decide if it indeed is a phishing attack or not.
Now, if you’re an analyst, you may be concerned that setting up a review process and allowing your organization to start reporting suspicious emails is going to create a boatload (pun intended) of new work. Luckily for you, InsightPhish features a workflow that gets emails into your review queue and analyzes them for you. Read: no more parsing URLs, deciphering headers, or correlating previous indicators of phishing. Instead, you only need to review the analyzed data and deem the email phish, safe, or junk. From there, a pre-populated email is sent off to the user who reported the email. But don’t just take our word for it: Our beta customers have reported that InsightPhish cuts down analysis to 2-5 minutes—not 30-45 minutes. The best part? You get your day’s time back.
The Impact of Reporting
Receiving increased reporting within your organization can actually be a good thing; even if the emails are coming back without compromise, it’s beneficial to your organization in the long run to make your employees more vigilant, and to have more visibility into your network (including into potential attacks that may currently be underway).
There are a few other steps you can take to contain potential compromise: Start an investigation to see who else has clicked on that malicious link or opened that malicious attachment, isolate the assets compromised, make the credentials of those affected users invalid, add rules to your DNS server so that nobody else gets compromised, and more. Wondering how to go about doing all of that? InsightPhish and the rest of the Rapid7 Insight platform equips you to do just that.
Want to get started with reviewing and analyzing suspicious emails within your organization? Start using InsightPhish today.