Phishing attacks and scams are at an all-time high, taking advantage of recent news around the COVID-19 pandemic to exploit organisations and people. They are also very sophisticated, successfully reaching users without being detected and stopped by perimeter security systems.
The implications are significant, ranging from data loss or leakage, where employees share confidential information via malicious phishing websites, to organisations crippled by malware (ransomware) after an employee opens a document attached to an email:
- Disruption of IT services coupled with slow reactive measures to restore them.
- Financial loss – both personal and work-related.
- Regulatory fines.
- Permanent damage to reputation and brands.
These attacks highlight both weaknesses in IT security infrastructures and a lack of cyber security awareness among users – a huge risk to an organisation of any size.
Defending against phishing attacks requires a multi-layered set of mitigations to improve your organisation's resilience and reduce its attack surface – whilst minimising disruption to user productivity. These include identification, response and prevention at the cloud, network, endpoint and user layers:
- Next-Gen Firewalls – Complete visibility and control over network traffic, user behaviour and endpoint activity. Combined with WildFire® to identify, in real time, URLs and DNS domains recently used by phishing campaigns and prevent user access to these sites, and with URL Filtering (Credential Theft Protection) to identify and block user credentials that are being sent to unsanctioned sites and applications.
- Advanced email protection – Using technologies such as Proofpoint to identify and isolate phishing attacks and provide an immediate ‘clear up’ response to incidents.
- Best practice email configurations – Implement SPF, DKIM and DMARC and encourage your suppliers, customers and partners to do the same.
- Cortex XDR Prevent – Prevent provides advanced endpoint threat protection by securing users and their devices against exploits, malware and ransomware attacks delivered by emails with infected attachments.
- Simulated Phishing and Training – Raise awareness of phishing attacks and what to do if one is identified.
Adopting a multi-layered approach to defending against phishing attacks, one that uses both technology (automation and intelligence) and user awareness training, will help widen your defences, reduce your overall risk of being breached and reduce the time, cost and resources required for an analyst to carry out time-consuming manual investigations.
Technology (Automation): Improve your resilience against attacks without disrupting the productivity of your users:
- Identify, block, alert and remove phishing emails and attachments.
- Prevent users from sharing confidential credentials via unknown websites or apps.
- Immediate identification, response and remediation (clear up) of phishing emails.
- Immediately block malware-infected files if opened via an email attachment.
User Training: Raise awareness of phishing attacks, their impact and how to spot phishing emails and report them. Implementing regular user awareness training is proven to reduce the risk of being successfully ‘phished’.