Given the extent to which phishing attacks have increased and the growing number of sophisticated phishing campaigns now being conducted, businesses should consider taking additional phishing prevention steps. As with so many aspects of cybersecurity, the best approach to tackling phishing is layered defenses. For a cybercriminal or Advanced Persistent Threat (APT) actor to gain access to your network and sensitive data, they will need to bypass or break through multiple layers of protection. In this post, we explain some of the additional layers of protection you can add and the types of phishing prevention solutions that have been shown to significantly reduce the risk of a phishing attack succeeding.
When it comes to phishing prevention, an email security solution is a must. Most phishing attacks occur via email, so it is important to implement technology that can identify and block these emails before they are delivered to inboxes. Many businesses use Office 365 for email and rely on the email security provided by Microsoft through its Exchange Online Protection (EOP) offering, which is included with all Office 365 licenses. EOP does a good job at blocking spam email, will block all known malware variants, and does a reasonable job at blocking phishing emails.
Many businesses find that the phishing protection provided by EOP falls short of requirements and choose to add an extra layer of protection using a third-party email security solution. Doing so will help you block more phishing threats. You should look for a solution that augments rather than replaces EOP, and one that works seamlessly with Office 365 environments (or Microsoft Exchange if you still use it). Features to look for include anti-email impersonation features (SPF, DKIM, and DMARC) and advanced anti-malware capabilities – e.g., sandboxing – that can perform behavioral analysis of attachments rather than relying on AV engines. This will ensure that zero-day malware threats can also be blocked. A solution that has machine learning capabilities is recommended for predicting and blocking new phishing threats.
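The SPF and DMARC checks mentioned above are only as strong as the DNS records behind them, and a surprising number of domains publish a record that is syntactically valid but enforces nothing. The following added example (written for this post, not part of the original article or any vendor product) parses SPF and DMARC TXT records and reports the weak settings a defender would want flagged: `p=none` or a partial `pct`, a missing `rua` reporting address, a neutral or permissive `all` mechanism, and more than the ten DNS lookups RFC 7208 allows. The records themselves are constructed for illustration; in practice they are fetched from DNS for your own domain.

```python
"""Assess SPF and DMARC TXT records for settings that weaken anti-spoofing.

Added example: the WEAK_* and STRONG_* records below are constructed samples,
not real domains. A real check would read the records from DNS first.
"""


def parse_dmarc(record: str) -> dict:
    """Split 'v=DMARC1; p=reject; rua=...' into a lower-cased tag -> value dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(record: str) -> list:
    """Return findings for a DMARC record; an empty list means it enforces."""
    tags = parse_dmarc(record)
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record (missing v=DMARC1)"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("p=none: monitoring only, spoofed mail is still delivered")
    elif policy == "quarantine":
        findings.append("p=quarantine: spoofed mail goes to junk rather than being rejected")
    elif policy != "reject":
        findings.append("p tag missing or invalid; receivers will ignore the record")
    if tags.get("pct", "100") != "100":
        findings.append(f"pct={tags['pct']}: policy applied to only part of the mail stream")
    subpolicy = tags.get("sp", "").lower()
    if subpolicy and subpolicy != "reject":
        findings.append(f"sp={subpolicy}: subdomains are policed more weakly than the main domain")
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports, so spoofing attempts go unseen")
    return findings


def assess_spf(record: str) -> list:
    """Return findings for an SPF record; an empty list means a hard-fail policy."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record (missing v=spf1)"]
    findings = []
    mechanisms = [t.lower() for t in terms[1:]]
    bases = [m.lstrip("+-~?") for m in mechanisms]  # strip the qualifier

    # RFC 7208 section 4.6.4: at most 10 DNS-querying terms per evaluation.
    lookups = sum(
        1 for b in bases
        if b in ("a", "mx", "ptr")
        or b.startswith(("include:", "exists:", "redirect=", "a:", "mx:", "ptr:", "a/", "mx/"))
    )
    if lookups > 10:
        findings.append(f"{lookups} DNS lookups: exceeds the limit of 10, receivers return permerror")

    all_terms = [m for m, b in zip(mechanisms, bases) if b == "all"]
    if not all_terms:
        if not any(b.startswith("redirect=") for b in bases):
            findings.append("no 'all' mechanism: unmatched senders get a neutral result")
    else:
        qualifier = all_terms[-1][0] if all_terms[-1][0] in "+-~?" else "+"
        if qualifier == "+":
            findings.append("+all: any host on the internet may send as this domain")
        elif qualifier == "?":
            findings.append("?all: neutral, effectively no policy")
        elif qualifier == "~":
            findings.append("~all: softfail; acceptable while testing, but -all is the target")
    return findings


# Constructed sample records: a weak pair beside a hardened pair.
WEAK_DMARC = "v=DMARC1; p=none"
STRONG_DMARC = ("v=DMARC1; p=reject; sp=reject; "
                "rua=mailto:dmarc-reports@example.com; adkim=s; aspf=s")
WEAK_SPF = "v=spf1 include:_spf.example.net a mx ?all"
STRONG_SPF = "v=spf1 ip4:203.0.113.0/24 include:_spf.example.net -all"

if __name__ == "__main__":
    for label, record, check in (("weak DMARC", WEAK_DMARC, assess_dmarc),
                                 ("strong DMARC", STRONG_DMARC, assess_dmarc),
                                 ("weak SPF", WEAK_SPF, assess_spf),
                                 ("strong SPF", STRONG_SPF, assess_spf)):
        print(label, "->", check(record) or ["ok"])
```

Running the script prints the findings for each sample; the hardened records produce none. Note that DKIM cannot be assessed from a single TXT string in the same way, because its selector records only carry the public key, so verifying DKIM means checking signed messages rather than the DNS record alone.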
Phishing prevention solutions will block the majority of email attacks, but some emails will still be delivered. A web filtering solution adds an extra layer of protection and provides time-of-click protection against malicious links in phishing emails. These solutions categorize websites and allow businesses to control the types of web content users can access. They incorporate blacklists of known malicious websites and block attempts to access those web resources. They can also block downloads of certain file types from the internet, such as executable files, which are commonly used to deliver malware.
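To make the time-of-click decision concrete, here is an added example (written for this post, not taken from the article or any filtering product) of the policy logic a web filter applies to a clicked URL: match the host and each of its parent domains against a malicious-domain blocklist, look up a site category, and refuse downloads whose final path segment has a blocked extension even when the name is percent-encoded or mixed case (`Invoice%2Epdf.EXE`). The blocklist, category map and extension list are constructed sample data; a real filter loads them from threat-intelligence feeds and a vendor category database.

```python
"""Time-of-click URL policy check, as a web filter would apply it.

Added example with constructed policy data; the domains below are samples.
"""
import ipaddress
from urllib.parse import unquote, urlsplit

# Constructed sample data standing in for threat-intel and category feeds.
BLOCKED_DOMAINS = {"malicious.example", "account-verify.example"}
SITE_CATEGORIES = {"casino.example": "gambling", "docs.example.org": "business"}
BLOCKED_CATEGORIES = {"gambling"}
BLOCKED_EXTENSIONS = {".exe", ".scr", ".msi", ".bat", ".cmd", ".js", ".vbs", ".hta"}


def parent_domains(host: str):
    """Yield the host and each parent domain, so a blocklisted zone also
    covers its subdomains: cdn.evil.example -> cdn.evil.example, evil.example, example."""
    labels = host.split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


def category_of(host: str) -> str:
    """Most specific category known for the host or one of its parents."""
    for candidate in parent_domains(host):
        if candidate in SITE_CATEGORIES:
            return SITE_CATEGORIES[candidate]
    return "uncategorised"


def download_extension(path: str) -> str:
    """Extension of the last path segment after percent-decoding and lowercasing,
    so '/Invoice%2Epdf.EXE' yields '.exe' rather than slipping past as '.EXE'."""
    name = unquote(path).rsplit("/", 1)[-1].lower()
    return name[name.rfind("."):] if "." in name else ""


def evaluate(url: str) -> tuple:
    """Return (verdict, reason) for a URL at click time."""
    if "://" not in url:          # links in mail are often written without a scheme
        url = "http://" + url
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return ("BLOCK", "URL has no host")
    try:
        ipaddress.ip_address(host)
        # Policy choice for this example: bare-IP links carry no hostname to
        # categorise and are rarely legitimate in business mail.
        return ("BLOCK", "host is a bare IP address")
    except ValueError:
        pass
    if any(c in BLOCKED_DOMAINS for c in parent_domains(host)):
        return ("BLOCK", f"{host} matches the malicious-domain blocklist")
    category = category_of(host)
    if category in BLOCKED_CATEGORIES:
        return ("BLOCK", f"{host} is categorised as '{category}'")
    ext = download_extension(parts.path)
    if ext in BLOCKED_EXTENSIONS:
        return ("BLOCK", f"download of {ext} files is not permitted")
    return ("ALLOW", f"{host} ({category}) matched no policy")


if __name__ == "__main__":
    for link in ("https://cdn.malicious.example/login",
                 "https://files.example.org/Invoice%2Epdf.EXE",
                 "http://203.0.113.5/update",
                 "https://docs.example.org/report.pdf"):
        print(link, "->", evaluate(link))
```

Evaluating at click time rather than at delivery matters because attackers often arm a link only after the message has passed the mail gateway; the same `evaluate` function can be called from a URL-rewriting proxy so that the blocklist consulted is the one current when the user clicks.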
These phishing prevention solutions protect against phishing attacks over the web that can be encountered through general Internet use – redirects to phishing sites from malicious adverts (malvertising), social media networks, instant messaging services, voice phishing over the telephone (such as tech support scams), or malicious sites listed in the search engines (SEO poisoning).
Solutions should be in place to detect malware that has been inadvertently downloaded from the Internet. Standard antivirus software is a must on all endpoints, including mobile devices. These solutions should be configured to update automatically to ensure they include the latest virus definition lists. You can take protection a step further with an endpoint security solution that not only incorporates signature-based detection but also analyzes activity on devices to detect anomalies that could indicate a malware infection or a compromised device. Fast detection of compromised devices can greatly limit the harm caused.
If your phishing prevention measures fail and an employee discloses their credentials on a phishing web page, their credentials can be used to remotely access an account. To reduce the potential for that to occur, you should implement multi-factor authentication on accounts. If a password is compromised in a phishing attack, is stolen by other means, or is guessed using brute force tactics, access to the account will only be granted if a second authentication factor is provided.
You should also adopt the principle of least privilege. Only provide employees with access to the resources they need to complete their work duties. Use network segmentation to restrict access to certain applications and resources, and limit the number of admin accounts. If an account is compromised, this will reduce the damage that can be caused.
Human-Layer Phishing Prevention
Perhaps one of the most underappreciated aspects of phishing prevention is security awareness training. Phishing attacks target employees, as they are a weak point in security defenses. A click on a malicious link or an employee opening an attachment can give an attacker access to the network. You should provide regular security awareness training to your employees to teach them the red flags in emails that indicate a phishing attack and the security best practices to follow. One KnowBe4 study found that, before training, an average of more than 32% of employees failed phishing simulation tests. Ninety days after training, that percentage fell to just over 17%, and after a year of regular training, only 5% of employees failed phishing tests.
A phishing simulator is a useful tool that businesses can use to identify employees who are fooled by phishing attempts. Those individuals can then be provided with targeted training to help them avoid further attacks in the future.
Today, phishing prevention needs to involve multiple measures to block increasingly sophisticated phishing attempts. By adopting a defense-in-depth strategy that involves multiple phishing prevention solutions, businesses will be able to significantly improve their security posture and block these pervasive cyber threats.