Most organizations today have deployed some type of email security solution, yet phishing emails still get through. Why? Because phishing emails typically carry no malicious payload, which lets them slip past basic security controls; they are cheap and easy to send; and they offer one of the fastest returns on investment available to threat actors.
Phishing emails rely on human vulnerability, which is the weakest point of any organization's security and can be the easiest to exploit. In fact, 74% of U.S. organizations experienced a successful phishing attack last year, according to the latest 2020 State of the Phish Report, and most of these businesses have no solution other than relying on end-users to spot these attacks.
If there is one attack vector in particular that keeps CISOs up at night, it is spear phishing via email. With the recent shift to hybrid work environments, where many employees work outside the protected corporate network, attackers are using two of the most common tactics more than ever before: phishing URLs and impersonation. These attacks attempt to obtain sensitive information such as personal credentials, credit card numbers, or specific account details. Threat actors then use that information to impersonate users and spread malicious content throughout an organization, or as a vehicle to deliver ransomware inside it.
Insulating users from these phishing attempts and other sophisticated attacks with capabilities such as isolation can raise an organization's level of protection and keep users safe from suspicious links. Applying adaptive isolation controls can further improve phishing prevention by protecting your organization's Very Attacked People (VAPs) from the phishing attacks that are hardest for users to spot and for technical tools to block.
Maybe your employees won't fall for the notorious Nigerian prince looking to share his wealth, but what about an email from their supposed boss asking them to authorize payment for new software the company just purchased? Or an email from one of your vendors asking you to settle an unpaid bill? Or IT asking you to update your password following a recent security update? The success of a phishing email depends entirely on how much trust it can earn from its victim. Threat actors can easily pose as someone within your company, or use a look-alike return address that mimics the real one so the message appears to come from a trusted source. In some cases, threat actors spoof the sender address outright to make detection even harder, and with so much personal data available online, the messages can sound very convincing. These spear phishing tactics are often used to penetrate one specific organization: the attackers spend time researching names and roles within the company to build trust with their potential victims before launching the attack.
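The look-alike return addresses and display-name impersonation described above are something a mail gateway or SOC triage script can flag before a user ever has to judge the message. The following is an added illustration written for this post, not code from the original article or from any vendor's product; the trusted domain list, the homoglyph substitution table and the sample From headers are all constructed for the example.

```python
import re

# Constructed sample: the organisation's own domain plus a known vendor domain.
TRUSTED_DOMAINS = {"example.com", "vendor-example.net"}

# Character swaps commonly used to build look-alike domains (assumed, not exhaustive).
SUBSTITUTIONS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))


def normalise(domain):
    """Undo common homoglyph substitutions so 'examp1e.com' reads as 'example.com'."""
    for fake, real in SUBSTITUTIONS:
        domain = domain.replace(fake, real)
    return domain


def edit_distance(a, b):
    """Levenshtein distance; one insertion, deletion or swap counts as 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_from(header):
    """Minimal From: parser: returns (display name, address) in lower-cased address form."""
    m = re.match(r'^\s*(.*?)\s*<([^<>]+)>\s*$', header)
    if m:
        return m.group(1).strip('" '), m.group(2).strip().lower()
    return "", header.strip().lower()


def classify_sender(from_header, trusted=TRUSTED_DOMAINS):
    """Label a From: header as trusted, lookalike, display_name_spoof or external."""
    name, addr = split_from(from_header)
    domain = addr.rpartition("@")[2]
    if domain in trusted:
        return "trusted"
    # A domain that is one character away from, or a homoglyph of, a trusted one.
    if normalise(domain) in trusted or any(edit_distance(domain, t) <= 1 for t in trusted):
        return "lookalike"
    # Display name claims a trusted domain while the real address is somewhere else.
    if any(t in name.lower() for t in trusted):
        return "display_name_spoof"
    return "external"


if __name__ == "__main__":
    for hdr in ("Jane Doe <jane.doe@examp1e.com>", "it@example.com <alerts@mail-notify.biz>"):
        print(classify_sender(hdr), "<-", hdr)
```

Classifications like these are a triage signal to feed into quarantine or user warnings, not a verdict; SPF, DKIM and DMARC results on the envelope sender should be checked alongside them.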
While training end-users is critical, it simply will not stop the problem. There is no silver bullet in security, but having a multi-layered approach and fine-tuning your current solution can greatly increase your efficacy and provide a more secure environment for your users and organization. Things such as visibility into your VAPs, or using isolation and other adaptive controls to insulate users from targeted spear phishing attempts, can help protect your users and more broadly your organization.