The number of devices in the world today has surpassed the combined human population. Organizations and individuals live in an always-connected world where devices are becoming an embedded part of daily life. It has become a habit to look at our phones the moment we wake up, checking emails or social media even before we begin our daily routine. Email has become the de facto way of doing business, whether inter-organizational or intra-organizational. With digitalization on the agenda in many organizations and digital platforms being the norm, integrating email as a mode of business exchange between suppliers, partners, and consumers is key to enabling business. Any disruption to email systems or delay in mail exchange will impact one or more of these stakeholders and hence customer satisfaction.
This high level of dependency on email has opened up a new avenue to exploit individuals and businesses. In recent times, there have been many news headlines of data breaches across the globe, the majority of them attributed to sources originating from emails. These breaches cause financial and reputational loss to businesses. A single decision by one individual in the entire organization to open a malicious attachment or link in an email is sufficient to cause such a breach. Effective protection mechanisms can be deployed at every layer to prevent such breaches. Email has become the most preferred mode for hackers to infiltrate organizational networks and propagate, which happens when users open attachments or click links that open connections to external sites used to exfiltrate data. As the old saying goes, “the strongest link is the weakest link”: employees are the most critical assets, who can either help protect organizational data or make it vulnerable to hackers.
It is essential to understand the terminology relating to phishing attacks before looking at the measures that can be taken to prevent, control, and respond to such incidents.
What is Phishing?
It is an email sent to individuals in the organization that appears to be from a legitimate external source and contains attachments or web links that can be malicious when the recipient opens them. Even the most secure network can be compromised if an employee clicks a link to a malicious website embedded in an email that appears legitimate, or opens an attachment that appears genuine (as it is from a known sender) but runs a script that propagates laterally across the network and initiates remote connections to external network locations.
Spear Phishing – a form of phishing that targets high-profile individuals of an organization. It sends emails to specific individuals and makes them appear to originate from legitimate senders.
It has to be recognized that no control measures can be put in place to control phishing 100%. It should be acknowledged that there will be phishing attacks, and there should be processes and tools to identify, block, control, and remediate them when they happen in organizations.
It is suggested that organizations adopt an effective anti-phishing program that addresses the following areas:
- Control or mitigate: First and foremost, increase user/employee awareness. This can be achieved through regular short training programs delivered using videos, and through gamified software that enables simulations for understanding the level of user awareness in an organization or department. There are tools available in the market that can be put to effective use to enhance user awareness.
- Prevention: Not opening any emails that are sent by unknown sources. Unfortunately, this is easier said than done, as legitimate emails might be skipped in the process and the organization may be impacted. There needs to be a mechanism to distinguish legitimate emails from those that are malicious. It is very difficult to control user behavior across the entire organization.
- Identification and alerting: This can be addressed by using tools deployed at the mailbox level to identify emails from external sources and highlight them before they are opened. Such tools enable organizations to control the impact of phishing emails that use multiple techniques such as domain spoofing. They are more effective when they use federated intelligence feeds that are always updated with the latest data on malicious sites and phishing sources, combined with Artificial Intelligence to understand user behavior.
- Analysis: The ability for users to submit unknown or suspicious emails for further analysis by specialized security analyst teams, as a managed service with an acceptable response time depending on business need.
- Remediation: Finally, after a phishing incident, the ability to remediate affected mailboxes and control the extent of the impact is of utmost importance.
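The mailbox-level check described under "Identification and alerting" can be sketched as follows. This is an added example, not code from this article or from any vendor tool: it tags external mail and flags two domain-spoofing patterns (a lookalike sender domain and a display name that borrows the internal domain). The domain `example.com`, the function names, the sample messages, and the use of edit distance as the lookalike test are all assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAINS = {"example.com"}  # assumption: the organization's own mail domains

# Constructed sample messages (not real mail).
SAMPLES = {
    "colleague": "From: Ana <ana@example.com>\nSubject: Q3 plan\n\nhi",
    "supplier": "From: Billing <billing@supplier.test>\nSubject: Invoice\n\nhi",
    "lookalike": "From: IT Desk <it@examp1e.com>\nSubject: Password reset\n\nhi",
    "display": 'From: "Example.com Helpdesk" <help@mail.invalid>\nSubject: Urgent\n\nhi',
}

def edit_distance(a, b):
    # Levenshtein distance, used here to spot near-miss lookalike domains.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(raw):
    """Return (verdict, reasons) for one RFC 5322 message given as text."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if not domain:
        return "suspicious", ["missing or unparsable From address"]
    if domain in INTERNAL_DOMAINS:
        return "internal", []
    reasons = []
    for own in INTERNAL_DOMAINS:
        if edit_distance(domain, own) <= 2:
            reasons.append(f"{domain} is a lookalike of {own}")
        if own in display.lower():
            reasons.append(f"display name mentions {own} but sender is {domain}")
    return ("suspicious" if reasons else "external"), reasons

def banner(raw):
    """Subject line as the mailbox would show it, with a warning tag prepended."""
    verdict, _ = classify(raw)
    subject = message_from_string(raw).get("Subject", "")
    tag = {"internal": "", "external": "[EXTERNAL] ", "suspicious": "[SUSPICIOUS] "}[verdict]
    return tag + subject
```

The From header alone does not prove that an internal-looking sender is genuine, so a production deployment would pair this with the gateway's sender-authentication results.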
There are various tools available to address these areas. Deploying them effectively and operating them in combination with standard processes will enable organizations to stay focused on their core business with minimal impact from phishing. When selecting tools, it is important to consider the capabilities they offer and their ability to integrate with other complementary solutions such as SIEM, SOAR, and service management tools. It is also essential to have services to support phishing incidents, to remediate and investigate when needed, and to track critical incidents to closure when they do happen.
HCL's Anti-Phishing services cover all the areas listed above to effectively manage phishing attacks from our global delivery locations. Contact us for more information.