The intelligence collected from end-user “informants” allows IT to find malware and identify phishing threats more quickly.
How many times have you told end users to not click on links or attachments they don't recognize in emails? Too many to count, right? The concern of course is phishing emails. Everyone knows they lead to no good, and yet the temptation to click is sometimes just too great!
Phishing remains the number-one attack vector: 91% of cyberattacks start with phishing emails. Since it typically takes more than 200 days to detect a breach, educating business users on how to first prevent such scams—and then how to react if they make a mistake—is critical in trying to neutralize this highly-successful scam method.
Why Do End Users Keep Getting Duped?
Why do end users continue to fall for phishing email scams? In most cases, they are driven by curiosity, fear or urgency. Rewards, recognition, social entertainment and opportunity also play into why they keep getting duped.
Technology alone can’t solve the problem, so it’s critical to engage with end users and get them to “own the problem” as much as the IT security team does. End users play a key role because they are the last line of defense if a phishing attack bypasses other computer security defenses. The data that comes across their desktops can also provide valuable intelligence as to how your business might need to tweak its current security measures or if new defenses need to be deployed.
When a phishing scam gets through your security infrastructure and anti-virus software, employees need to recognize the attempt. IT also needs to train employees to report any attacks they happen to launch by clicking on a URL, submitting a password, or downloading an attachment.
By alerting IT, end users can help the business significantly decrease the amount of time to respond to developing threats and attacks in progress. Tapping into their “collective knowledge” also enables incident response teams to more quickly analyze phishing attack data.
Simulated Phishing Attacks Generate Key Intelligence
A unique approach to educating end users is to simulate phishing attacks by using a solution such as PhishMe Simulator. The technology generates customized phishing scenarios recreating a variety of real-world attack techniques such as spear phishing, social engineering, malicious attachments, drive-by attacks, and conversational phishing scams.
IT can test not only to see which end users fall for the simulated attacks and the types of attacks that catch them most often, but also which end users report their mistakes. Getting end users to fess up when they enable a phishing attack is key. With advance notice, IT can often thwart scammers before they do damage to your digital assets.
The intelligence collected from end-user “informants” allows IT to find malware and identify phishing threats more quickly. This human-driven process produces highly-relevant intelligence while also reducing remediation time and preventing attacks. The timely, accurate and consumable data can also serve as a compliment to other information sources, such as intelligence feeds, so IT can gain quality information about specific threats.
• Filters alerts and reports coming from multiple systems and human reporting.
• Clusters alerts relating to the same specific incident.
• Prioritizes incidents so responders can determine the order in which they are addressed.
• Finds the root cause of incidents to mitigate problems and prevent them from reoccurring.
Mitigation Automation Enables Real-Time Response
Collecting phishing data from end users and other sources requires crunching large amounts of data and creating workflows that find the root cause of attacks, mitigate those attacks, and then prevents subsequent scams from the same type of source. Automation is key to making sure the process works quickly and efficiently.
Automation can filter out false positives so incident responders can focus on real threats. By clustering information, automation can also analyze related information by incident—before the incident response team addresses the issue. This allows for compiling proactive analysis including the source of the phishing emails, what attachments have been included, and the URLs or other elements that may point to additional phishing emails. Armed with this information in advance, the incident response team can hit the ground running.
In addition, automation further enriches phishing intelligence by harnessing your internal attack intelligence. This can include records of past successful attacks along with the IP addresses and names used in previous attacks.
Once all the relevant data is clustered, automation continues to streamline the process by enabling the incident response team to gain context into the type of threat or attack they are facing and the type of ingress the attackers are using. This ultimately leads to identifying the root cause, and from there, responders have the freedom to move through the normal incident response process. They also have the bandwidth to conduct in-depth analysis that compiles all the key information:
• Number of phishing emails in the system.
• End users who received these emails.
• End users who opened these emails.
• End users who clicked on a link, opened a file or ran a macro.
• Whether or not the anti-virus software worked and found malware.
• The number of infected machines.
With information like this, the incident response team can more easily determine what additional protections must be put in place.
Keeping Digital Assets And Sensitive Information Secure
Defending against phishing scams requires two key tactics. The first is behavioral conditioning that better prepares your employees to recognize and resist malicious phishing attempts. The second is an incident response process that collects, organizes and prioritizes phishing intelligence from multiple systems as well as from human reporting.
Combining these two approaches dramatically improves the ability of the incident response team to mitigate attacks efficiently so that your business can effectively detect and prevent phishing attacks. More importantly, it helps keep digital assets and sensitive information secure.