Phishing remains the #1 attack vector for malicious actors. That gives your organization a clear place to focus its cybersecurity efforts.
Phishing campaigns have evolved from misspelled and poorly worded mass emails to sophisticated, targeted spear phishing. Spear phishing is aimed at your industry, your CFO, and you. Information such as your name, email address, and place of work or worship can be discovered in a variety of places, from social media to the dark web. The bad actors do their homework and target their victims specifically. The attention to detail and knowledge of your industry are what make these spear phishing attempts so successful.
Spear phishing is targeted through:
- Email with malicious attachment
- Email with malicious URL – link
- Service – Social media
The use of social engineering exploits the user’s trust and entices them to click the link or open the attachment. The email may go so far as to explain how to extract the file or log into the malicious website to harvest your credentials.
What can you do? It must be understood that no level of effort can guarantee IT environment security or stability. This is an ongoing effort to address the ever-changing technology and threat landscape. Peters & Associates is here to help and provide direction to your cyber security strategy.
People, Process and Technology
- People: Start from the top, get senior management on board with the initiative.
- Process: A process is defined as a series of actions or steps taken in order to achieve a particular end. With that in mind, ask the question: What processes do we need in order to solve this business problem?
- Technology: Once you have identified your process and how your people will help you achieve your goals, you are ready to look at your technology. Too often, the technology is implemented without the people’s knowledge or the proper process in place.
- User Training: People are your first line of defense! Peters & Associates has a Security Awareness Program that helps to teach and reinforce effective cyber security practices with your employees. We can assist you with training your users and provide monthly phishing tests.
- Anti-virus/Anti-malware: We’ve got your back here too; Peters & Associates can manage all your workstations’ AV for you.
- Network Intrusion Prevention: There are a variety of products that we support. Just let us know what you currently have installed, and we can tailor a solution for your specific environment.
- Restrict Web-Based Content: First, determine whether websites or attachment types such as .scr, .exe, .pif, and .cpl are necessary for your daily operations. Consider blocking these file types, as they are common threats; you may find that your user base does not need them for daily work tasks. Websites may be blocked explicitly or by type, such as firearms or gaming.
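One way to check inbound mail against the attachment types listed above, as an added example rather than Peters & Associates' own tooling. The function names and the sample message are constructed for illustration; the check normalizes each file name first so that mixed case, trailing dots, and decoy extensions such as `.pdf.exe` do not slip past the blocklist.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions named in the article; extend the set to match your own policy.
BLOCKED_EXTENSIONS = {".scr", ".exe", ".pif", ".cpl"}

def normalize_filename(name):
    """Reduce an attachment name to the form the operating system will act on."""
    name = name.replace("\\", "/").rsplit("/", 1)[-1]  # drop any path component
    # Windows ignores trailing dots and spaces, so "a.exe. " still opens as .exe.
    return name.strip().rstrip(". ").lower()

def blocked_attachments(raw_message):
    """Return (name, extension, has_multiple_extensions) per blocked attachment."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        filename = part.get_filename()  # handles RFC 2231 encoded names
        if not filename:
            continue
        clean = normalize_filename(filename)
        if "." not in clean:
            continue
        # Only the final extension decides how the file opens.
        ext = "." + clean.rpartition(".")[2]
        if ext in BLOCKED_EXTENSIONS:
            findings.append((clean, ext, clean.count(".") > 1))
    return findings

def build_sample():
    """Constructed sample message; addresses and file names are made up."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "cfo@example.com"
    msg["Subject"] = "Overdue invoice"
    msg.set_content("Please see the attached invoice.")
    for name in ("report.pdf", "Invoice.PDF.EXE", "screensaver.scr.", "notes.txt"):
        msg.add_attachment(b"constructed sample bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, ext, multi in blocked_attachments(build_sample()):
        print(f"BLOCK {name} ({ext}){' multiple extensions' if multi else ''}")
```

A file-name check like this complements, and does not replace, the content inspection described next, since an attachment can be renamed or wrapped in an archive.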
Email and network intrusion detection systems can stop phishing with malicious attachments. Solutions such as Microsoft Advanced Threat Protection (ATP) utilize a detonation chamber to identify malicious attachments and stop the email before it gets to the inbox. Always remember that an adversary may construct an attachment in a way that avoids detection; therefore, all the above practices should also be in place.
URL inspection for email detects known malicious sites. ATP also utilizes a detonation chamber for hyperlinks to detect malicious links.
Most third-party services used for phishing use TLS encryption. Therefore, SSL/TLS inspection is recommended so that signatures or malware can be detected inside the encrypted traffic.
If users still manage to download a malicious attachment or click on a malicious link, the anti-virus/anti-malware software, implemented with the proper processes, becomes the next line of detection.
Please let us know how we can assist with your People, Process, and Technology. Our goal is to help you establish a strong foundation and protect it with additional layers. Contact us at firstname.lastname@example.org or review the following resources to learn more!
Learn about our end user and workstation management, here.
Learn about our approach to Security, here.