11th December 2020
Phishing attacks are not exclusive to a certain type of business or profession. They can happen to anyone, and most people have received a phishing email at some point. A successful phishing attack can seriously damage an unprotected business. Defending against phishing is achievable with a small set of efficient and effective control measures covering your people, your devices and your email.
Phishing is an attack in which a malicious actor tricks users into carrying out an action they did not intend. The action is typically opening an attachment that installs malware on a device, or following a link to a website under the attacker's control that harvests personal or company information, most often user credentials.
One of the most convincing elements of a phishing attack is its relevance to current events. Malicious actors use news stories and, frequently, financial topics (invoices, payments, tax deadlines) to draw users in. Phishing can be carried out by text message, phone call or social media, but most commonly by email, because a single campaign can reach thousands or even millions of targets directly. The emails are crafted to look official and urgent so that users find them hard to ignore and have little time to become suspicious, and so follow the instructions they contain.
The sender's goal is not always obvious when the email is opened. Some actors send the same email to millions of people in the hope of capturing credentials such as passwords from whoever responds. More targeted actors run a campaign against your organisation specifically, tailoring the message to your staff and suppliers; this is commonly referred to as "spear phishing". Protecting your business against both kinds matters, because a successful attack affects your reputation, financial position, employees and customers.
Protecting your organisation from phishing attacks ensures you can mitigate risk while minimising disruption to your business and productivity. Putting protective measures in place ensures your users can identify a phishing email and makes it difficult for malicious actors to reach your end-users. It is important to help your users understand the impact of a phishing attack if it goes undetected and how to report one to ensure it does not reach this stage. A quick response to any suspected phishing incident is crucial to minimise the impact of a successful attack as much as possible.
Protective measures should be a combination of user training and technical controls. This will ensure that you are adopting a defence in depth approach to building resilience against phishing attacks. This should ensure that you have multiple opportunities to effectively detect and prevent a successful phishing attack. The evolving nature of phishing attacks means it will not always be possible to stop them, but your awareness and knowledge will ensure you can plan and mitigate risk accordingly.
1. Train your users to identify and report phishing
As discussed, training is a crucial part of phishing protection. Users naturally open emails and click on links during the day as part of their work and personal duties. It is not often that everyone vigilantly checks each email before opening it. As phishing attacks are getting more sophisticated and realistic, it may be difficult to identify every attempt. Our blog post dissects a real phishing email and shows you how to spot the different elements that can be used to identify suspicious emails.
Training your users to understand the common tactics used in phishing emails will ensure they can spot when emails are official and when they are not. Make sure your users know the impact of phishing attacks and the benefits of sufficient protection. They should also know when and how to report an attack or suspicion. Having an open and honest reporting culture will help your users feel like they can report an incident without being blamed or punished.
2. Secure and configure your devices and accounts
Technical protection starts with securing user devices. Malware is often delivered when a malicious link is clicked or an attachment is opened, so make sure anti-malware software is installed and that devices are securely configured (for example, users run without local administrator rights and macros from untrusted documents are blocked). This reduces the likelihood that common malware executes on a device even when a user does click. Keep the operating system, browser and anti-malware software up to date so the device remains protected against newly discovered flaws.
You can also deploy web filtering that blocks known malicious websites. Even if a link in an email is clicked, the attack cannot continue if the browser is prevented from loading the page, and most modern browsers already warn on or block sites flagged for phishing or malware. Two-factor authentication adds another layer of protection to user accounts should a password be captured. Note that one-time codes sent by SMS or generated by an app can still be relayed by a phishing site that proxies the real login page in real time, so where the risk justifies it, prefer phishing-resistant methods such as FIDO2 security keys, which bind the login to the genuine site's origin.
3. Protect your email addresses and filter incoming emails
Filtering and blocking phishing emails is one of the most effective defences. Mail filtering software stops malicious emails from reaching your users' inboxes, so users never have the chance to open them. It also protects productivity, because less time is spent sifting through suspicious mail and raising alerts. Emails can be filtered or blocked by sender IP address, sender domain, reputation blocklists or attachment type (for example, executable files and documents containing macros). Whether a given category should be quarantined for review or blocked outright depends on how your organisation operates, and the rules should be reviewed as your business changes.
A common phishing tactic is to forge the sender address so the email appears to come from a trusted, reputable organisation, which makes a malicious email much harder to distinguish from a genuine one. The anti-spoofing controls SPF, DKIM and DMARC address this from both sides. As a domain owner, publish an SPF record listing the servers permitted to send mail for your domain, sign outbound mail with DKIM and publish a DMARC policy of quarantine or reject; this lets other organisations' mail servers discard messages that forge your domain. As a receiver, configure your own mail filter to evaluate SPF, DKIM and DMARC on incoming mail and to act on the sending domain's published policy, so forged messages claiming to be from your suppliers, banks or your own staff are rejected or quarantined before they reach a user.
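The value of SPF and DMARC depends on how the records are written: an SPF record ending in "+all" or a DMARC policy of "p=none" announces the controls without actually enforcing anything. The following is an added example, not code from the original post or from Sentrium, that audits the text of a domain's SPF and DMARC records for the weak settings a reviewer would look for. The records it checks are constructed inline for illustration; in practice you would fetch them with a DNS TXT lookup of the domain and of _dmarc.<domain>.

```python
"""Audit SPF and DMARC TXT records for weak anti-spoofing settings.

Added example for illustration. The records at the bottom are constructed
samples, not real domains' records.
"""
import re

LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def mechanism_name(term):
    """Strip the qualifier (+ - ~ ?) and any argument from an SPF term.

    'include:_spf.example.net' -> 'include', '-all' -> 'all', 'ip4:1.2.3.0/24' -> 'ip4'
    """
    term = term.lstrip("+-~?").lower()
    return re.split(r"[:=/]", term, maxsplit=1)[0]


def check_spf(record):
    """Return a list of findings for an SPF record; empty means no weakness found."""
    findings = []
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record (must start with v=spf1)"]
    terms = terms[1:]

    # The 'all' mechanism decides what happens to senders not listed earlier.
    all_terms = [t for t in terms if mechanism_name(t) == "all"]
    if not all_terms:
        findings.append("no 'all' mechanism: unlisted senders get a neutral result")
    else:
        qualifier = all_terms[0][0] if all_terms[0][0] in "+-~?" else "+"
        if qualifier == "+":
            findings.append("'+all': every sender on the internet passes SPF")
        elif qualifier == "?":
            findings.append("'?all': neutral result, provides no protection")
        elif qualifier == "~":
            findings.append("'~all' softfail: receivers may still deliver forged mail")

    # RFC 7208 limits DNS-querying mechanisms to 10; exceeding it yields permerror.
    lookups = sum(1 for t in terms if mechanism_name(t) in LOOKUP_MECHANISMS)
    if lookups > 10:
        findings.append(f"{lookups} lookup mechanisms exceed the RFC 7208 limit of 10 (permerror)")
    if any(mechanism_name(t) == "ptr" for t in terms):
        findings.append("'ptr' mechanism is deprecated and should not be used")
    return findings


def parse_tags(record):
    """Split 'v=DMARC1; p=reject; rua=mailto:x' into a dict of lower-cased tag names."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def check_dmarc(record):
    """Return a list of findings for a DMARC record; empty means no weakness found."""
    findings = []
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record (must start with v=DMARC1)"]
    policy = tags.get("p")
    if policy is None:
        findings.append("missing required 'p' tag")
    elif policy == "none":
        findings.append("p=none: forged mail is reported but still delivered")
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100
        findings.append("pct is not a number")
    if pct < 100:
        findings.append(f"pct={pct}: policy applied to only {pct}% of failing mail")
    if "rua" not in tags:
        findings.append("no rua tag: you will not receive aggregate reports")
    if tags.get("sp") == "none":
        findings.append("sp=none: subdomains can still be spoofed")
    return findings


def audit(spf_record, dmarc_record):
    """Audit both records and return the findings keyed by record type."""
    return {"spf": check_spf(spf_record), "dmarc": check_dmarc(dmarc_record)}


if __name__ == "__main__":
    # Constructed sample records for illustration.
    weak = audit("v=spf1 include:_spf.example.net a mx ptr ~all",
                 "v=DMARC1; p=none; pct=50")
    strong = audit("v=spf1 ip4:203.0.113.0/24 include:_spf.example.net -all",
                   "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; adkim=s; aspf=s")
    for name, result in (("weak", weak), ("strong", strong)):
        print(name, result)
```

The checker only reads the record text, so it does not follow "include:" or "redirect=" references; a full SPF lookup count has to recurse into each included record. Run it against your own domains before raising DMARC to p=reject, and keep "rua" set so you see which legitimate senders would be affected.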
Regular phishing simulations should be performed to maintain awareness, measure how users respond and identify where further training is needed. Sentrium can help protect your organisation from phishing attacks: we simulate phishing campaigns and provide detailed metrics to help you build resilience. Simulations can be tailored in frequency, target groups and content, so that as your users improve with training and practice, the exercises grow more sophisticated alongside them.