Email unquestionably makes it easier for organizations to communicate and is essential to doing business. However, it continues to expose organizations to new avenues of attack by hackers looking to gain illegal access to sensitive data and funds. Phishing scams are rampant and become more sophisticated by the day. The warning signs that previously tipped users off to potential attacks are now all too often overlooked as users become complacent and attackers' methods evolve.

The best defense against the ever-changing email security threat is for organizations to ensure that their commitment to security awareness training and security tools embraces constant adaptation and optimization against new and emerging risks. This approach will help the organization and users identify, ignore and/or remediate threats before they cause harm.


The Importance of Security Awareness Training

Regular, ongoing and evolving security awareness training is critical to empowering your users to spot phishing scams and to stop attacks before they start. Users need not only be aware of the potential new threats that have emerged but also be constantly reminded that they are a key impediment in the path of those who wish to do the organization harm. When users are given concrete examples of how others have been compromised, they are more likely to be leery of scams and less likely to repeat the same mistakes.

A number of sophisticated tools can help organizations implement effective security awareness training. KnowBe4, SecurIT360, Keno Kozie and other vendors offer training services as part of their security offerings that organizations should leverage as part of their security posture. These annual training modules should be supplemented by simulated phishing attacks—few things motivate people to act properly more than being caught doing something wrong. Simulated phishing attacks do just that without compromising actual data, funds or your firm's prestige and goodwill.

Training solutions should include simulated phishing attacks: messages sent to your users containing simulated malicious links or attachments. When a user clicks on the simulated phishing attack, that staff member is automatically flagged and required to complete remedial security awareness training sessions. The organization should record which users constitute an internal threat and take appropriate disciplinary action if those users fail to learn from their mistakes.

While crucial to preventing successful attacks, security awareness training is still only one step in protecting your organization. Organizations must also focus on implementing tools to serve as additional lines of defense against cyberattacks.


Supplementing Training with the Right Tools

As phishing scams have evolved, they've become more difficult for the average user to spot. At the same time, some of the tools meant to protect users push more of the burden onto them. The following tools are designed to help identify and prevent malicious attacks without putting undue or repetitive obligations on users—read as "things users will not do." These tools should be part of every organization's technology arsenal.

Mail Security and Sanitation: Vendors such as Mimecast and Proofpoint offer an array of tools that help organizations identify and prevent phishing, ransomware and impersonation attacks. These tools compare the sender of every email arriving in your inbox to your known colleagues and either notify you or stop messages if something is identified as suspect. This goes beyond new or unknown domains—even if an email is from a legitimate address such as a sender's personal address as opposed to the work address from which they usually email, the messages are flagged or stopped.

Going a step further than just filtering email messages, Mimecast Targeted Threat Protection tools provide threat protection in a more sophisticated manner. Mimecast extracts URLs from emails and runs them through Mimecast servers to test their legitimacy. If a link is identified as threatening, the tool will block it when a user tries to click on it, even if it was marked as safe when originally sent. Similar procedures are used for attachment protection – Mimecast extracts attachments from emails and houses them on its own servers, ensuring that they're safe before you click on them.

Multifactor Authentication: In addition to strong passwords, the use of multifactor authentication is one of the best ways to prevent unauthorized users from accessing email accounts. MFA requires a second proof of identity in addition to the password before an account can be accessed. This means that attackers cannot gain access to your employees' email accounts even if they've managed to obtain passwords or credentials. This is key, as users are prone to recycling passwords and password patterns across many sites. By requiring MFA, an organization can ensure that a user's credentials being compromised at a third party leads to limited risk to the organization.

Data Leakage Protection: DLP features can be added to email accounts to identify data before it is exfiltrated from your network. Many data leaks are malicious but may not be part of an external attack. Most commonly, organizations experience data leakage events when employees are about to depart and they forward emails out of the firm to their personal accounts. These tools, available from vendors like Mimecast and Microsoft Exchange (both on premises and in the cloud via Office 365), identify forwarding trends, and either alert IT staff or block the ability to send the suspect emails altogether.
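As an added illustration of the forwarding-trend detection described above (example code written for this article, not Mimecast's or Exchange's own DLP logic), the following Python scans an outbound message trace for bursts of forwards from an internal user to a personal webmail account. The trace rows, the domain lists, the 15-minute window and the threshold of five messages are all constructed for the example; a real deployment would read the trace from the mail platform and tune those values.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed values for the example: our own domain and the consumer
# webmail domains that departing employees typically forward to.
INTERNAL_DOMAIN = "example-firm.com"
PERSONAL_MAIL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com", "icloud.com"}

# Constructed outbound message-trace rows: (timestamp, sender, recipient, subject).
SAMPLE_TRACE = [
    ("2024-03-04T17:02:11", "jdoe@example-firm.com", "client@partner.co", "FW: Draft agreement"),
    ("2024-03-04T17:05:40", "jdoe@example-firm.com", "j.doe.personal@gmail.com", "FW: Client list 2023"),
    ("2024-03-04T17:06:02", "jdoe@example-firm.com", "j.doe.personal@gmail.com", "FW: Pricing model"),
    ("2024-03-04T17:06:30", "jdoe@example-firm.com", "j.doe.personal@gmail.com", "Fwd: Matter notes"),
    ("2024-03-04T17:07:15", "jdoe@example-firm.com", "j.doe.personal@gmail.com", "FW: Contacts export"),
    ("2024-03-04T17:08:00", "jdoe@example-firm.com", "j.doe.personal@gmail.com", "FW: Q4 numbers"),
    ("2024-03-04T09:15:00", "asmith@example-firm.com", "a.smith@gmail.com", "FW: Lunch menu"),
    ("2024-03-05T11:00:00", "asmith@example-firm.com", "client@partner.co", "Re: Meeting"),
]


def is_forward(subject):
    """True when the subject line marks the message as a forward."""
    s = subject.strip().lower()
    return s.startswith("fw:") or s.startswith("fwd:")


def mail_domain(address):
    return address.rsplit("@", 1)[-1].lower()


def detect_forwarding_bursts(trace, window=timedelta(minutes=15), threshold=5):
    """Return one alert per (sender, recipient) pair that forwarded at least
    `threshold` messages to a personal mailbox within any span of `window`.

    A single forward to a personal account is normal; a burst of them is the
    pattern the text describes for departing employees."""
    times_by_pair = defaultdict(list)
    for ts, sender, recipient, subject in trace:
        if mail_domain(sender) != INTERNAL_DOMAIN:
            continue  # only outbound mail from our own users is in scope
        if mail_domain(recipient) not in PERSONAL_MAIL_DOMAINS:
            continue
        if not is_forward(subject):
            continue
        times_by_pair[(sender, recipient)].append(datetime.fromisoformat(ts))

    alerts = []
    for (sender, recipient), times in times_by_pair.items():
        times.sort()
        start, best, best_span = 0, 0, (times[0], times[0])
        # Sliding window: advance `start` until the span fits inside `window`.
        for i, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            if i - start + 1 > best:
                best, best_span = i - start + 1, (times[start], t)
        if best >= threshold:
            alerts.append({
                "sender": sender,
                "recipient": recipient,
                "count": best,
                "first": best_span[0].isoformat(),
                "last": best_span[1].isoformat(),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_forwarding_bursts(SAMPLE_TRACE):
        print(f"ALERT {alert['sender']} forwarded {alert['count']} messages to "
              f"{alert['recipient']} between {alert['first']} and {alert['last']}")
```

The sliding window is what separates the departing-employee pattern from ordinary behaviour: one lunch-menu forward to a personal account never trips the rule, while five forwards of client material inside a few minutes does. Whether the alert goes to IT staff or blocks the messages outright is a policy choice layered on top of this detection.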

Malware Protection: Good malware protection allows your organization to set up strong perimeter defenses for filtering out viruses and malware before they cause harm. Historically, malware protection was the only tool organizations relied on to protect against external threats. Microsoft and Trend Micro are two of the most common vendors that provide malware protection today. Microsoft's Windows Defender suite and Trend Micro's various solutions can help with this crucial first step while also providing limited URL protection, IDS and other dynamic protections on your endpoints.

Web and Browser Filtering: Web browsing, similar to email, allows remote parties to interact directly with users and creates some of the greatest risk to organizational security. Vendors like Cisco Umbrella and Menlo Security provide tools that filter users' browsing in real time to prevent them from accessing malicious sites directly or through compromised links delivered via email. Even if an email contains a link to a site that wasn't initially bad, these filters identify those sites that have later been compromised or are no longer safe, rendering suspicious links—and sites that are not compliant with the organization's standards—inaccessible.

SIEM Solutions: All of the tools listed above are independent and generate their own reports. Security information and event management solutions act as a repository for all security events, whether originating at the firewall or coming from a mail security solution or any of the firm's other security tools. This centralized system helps protect organizations by aggregating information and alerting the appropriate resources to security anomalies, including those around email communications. SIEM tools provide insight and alerting on where accounts are being accessed and where data is going, letting you know if anyone has improperly gained outside access or hijacked an account that might otherwise seem unaffected. These tools require high levels of knowledge and management to be effective at detecting breaches. Because of this, many organizations leverage managed SIEM solutions.
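To show what the aggregation and correlation described above buys you, here is an added Python example (written for this article, not any SIEM vendor's code) that normalizes events from two differently formatted sources, a mail-platform audit feed and a VPN firewall log, into one timeline and then applies two rules: a sign-in from a country outside the user's baseline, and an inbox rule created shortly after such a sign-in. The audit records, the log lines, the baseline countries and the one-hour correlation window are constructed for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed per-user baseline of countries they normally sign in from.
BASELINE_COUNTRIES = {"jdoe": {"US"}, "asmith": {"US"}}

# Constructed mail-platform audit records (already structured).
MAIL_AUDIT = [
    {"ts": "2024-03-04T08:01:00", "user": "jdoe", "op": "UserLoggedIn", "ip": "203.0.113.10", "country": "US"},
    {"ts": "2024-03-04T22:14:00", "user": "jdoe", "op": "UserLoggedIn", "ip": "198.51.100.77", "country": "NG"},
    {"ts": "2024-03-04T22:20:00", "user": "jdoe", "op": "New-InboxRule", "ip": "198.51.100.77", "country": "NG",
     "detail": "ForwardTo=someone@example.net"},
    {"ts": "2024-03-04T09:00:00", "user": "asmith", "op": "UserLoggedIn", "ip": "203.0.113.22", "country": "US"},
]

# Constructed firewall/VPN log lines in a syslog-like text format.
FIREWALL_LOG = [
    "2024-03-04T22:13:55 fw01 vpn: user=jdoe src=198.51.100.77 geo=NG action=allow",
    "2024-03-04T07:59:30 fw01 vpn: user=jdoe src=203.0.113.10 geo=US action=allow",
    "2024-03-04T10:30:00 fw01 vpn: user=asmith src=198.51.100.5 geo=BR action=deny",
]

VPN_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) vpn: user=(?P<user>\S+) src=(?P<ip>\S+) "
    r"geo=(?P<geo>[A-Z]{2}) action=(?P<action>\S+)$"
)


def normalize(mail_audit, firewall_lines):
    """Fold both sources into one time-ordered list of events with common field names."""
    events = []
    for rec in mail_audit:
        events.append({"ts": datetime.fromisoformat(rec["ts"]), "source": "mail",
                       "user": rec["user"], "op": rec["op"], "country": rec["country"],
                       "detail": rec.get("detail", "")})
    for line in firewall_lines:
        m = VPN_LINE.match(line)
        if not m or m["action"] != "allow":
            continue  # unparseable lines and denied connections are not successful logins
        events.append({"ts": datetime.fromisoformat(m["ts"]), "source": "vpn",
                       "user": m["user"], "op": "UserLoggedIn", "country": m["geo"], "detail": ""})
    events.sort(key=lambda e: e["ts"])
    return events


def correlate(events, baseline, rule_window=timedelta(hours=1)):
    """Two rules: a login from outside the user's baseline countries (medium), and an
    inbox rule created within `rule_window` after such a login (high)."""
    new_country = {}  # (user, country) -> {"first": earliest ts, "sources": which feeds saw it}
    for e in events:
        if e["op"] == "UserLoggedIn" and e["country"] not in baseline.get(e["user"], set()):
            entry = new_country.setdefault((e["user"], e["country"]), {"first": e["ts"], "sources": set()})
            entry["sources"].add(e["source"])
    alerts = []
    for (user, country), entry in new_country.items():
        alerts.append({"severity": "medium", "rule": "login_from_new_country", "user": user,
                       "country": country, "sources": sorted(entry["sources"]), "ts": entry["first"]})
    for e in events:
        if e["op"] != "New-InboxRule":
            continue
        for (user, country), entry in new_country.items():
            if user == e["user"] and timedelta(0) <= e["ts"] - entry["first"] <= rule_window:
                alerts.append({"severity": "high", "rule": "inbox_rule_after_new_country_login",
                               "user": user, "country": country, "detail": e["detail"], "ts": e["ts"]})
    alerts.sort(key=lambda a: a["ts"])
    return alerts


if __name__ == "__main__":
    for a in correlate(normalize(MAIL_AUDIT, FIREWALL_LOG), BASELINE_COUNTRIES):
        print(a["ts"].isoformat(), a["severity"].upper(), a["rule"], a["user"], a.get("detail", ""))
```

Neither source alone tells the whole story: the VPN log sees the unusual connection but not the mailbox change, and the mail audit sees the rule but has no baseline for the user. The medium alert records that both feeds corroborate the new-country sign-in, and the high alert fires only because the two events were placed on one timeline.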

Human Layer Messaging Security: Many current email systems create notifications designed to warn users of external emails, but most users have gotten so used to them that they now ignore these alerts. Vendors such as MessageControl provide tools that are more useful and detailed – they won't just tell you that a message originated externally, but that the message is from a domain from which you've never received an email before, a domain that was created just yesterday or a domain that is known to be bad or malicious.

Rather than simply flagging external senders for countless emails, MessageControl's tools tell you that a sender is not the same sender that emailed you yesterday. With MessageControl, users are getting more customized and nuanced alerts in their email, empowering them to act based upon less frequent and more actionable sender information.
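The sender-context checks described for the mail-security tools above and for human-layer banners here come down to the same handful of lookups. As an added example (written for this article, not MessageControl's, Mimecast's or Proofpoint's product logic), the following Python computes the specific warnings for one inbound sender: a blocked domain, a domain registered within the last 30 days, a domain this mailbox has never received mail from, a domain one character away from a known one, and a display name that matches a known contact while the address does not. The address book, the seen-domain history, the registration dates and the block list are constructed stand-ins for the data such a product would maintain.

```python
from datetime import date

INTERNAL_DOMAIN = "example-firm.com"

# Constructed address book: address -> display name of colleagues and known contacts.
KNOWN_CONTACTS = {"eli@example-firm.com": "Eli N", "client@partner.co": "Pat Client"}

# Constructed history: domains this mailbox has received mail from, with first-seen date.
SEEN_DOMAINS = {"example-firm.com": date(2015, 1, 1), "partner.co": date(2020, 6, 3),
                "news.example.org": date(2022, 2, 2)}

# Constructed stand-in for a domain-age lookup (registration dates).
DOMAIN_REGISTERED = {"example-firm.com": date(2001, 5, 5), "partner.co": date(2018, 1, 1),
                     "exampie-firm.com": date(2024, 3, 3), "partner-invoices.co": date(2024, 3, 3)}

# Constructed block list.
KNOWN_BAD_DOMAINS = {"bad.example.net"}

NEW_DOMAIN_DAYS = 30  # treat domains registered within this many days as brand new


def levenshtein(a, b):
    """Edit distance, used to catch lookalike domains one character off from a known one."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_warnings(display_name, address, today_iso):
    """Return the specific, actionable warnings for one inbound sender (empty for internal mail)."""
    today = date.fromisoformat(today_iso)
    address = address.lower()
    domain = address.rsplit("@", 1)[-1]
    warnings = []
    if domain == INTERNAL_DOMAIN:
        return warnings
    if domain in KNOWN_BAD_DOMAINS:
        warnings.append("sender domain is on the block list")
    registered = DOMAIN_REGISTERED.get(domain)
    if registered is not None and (today - registered).days <= NEW_DOMAIN_DAYS:
        warnings.append(f"sender domain was registered {(today - registered).days} day(s) ago")
    if domain not in SEEN_DOMAINS:
        warnings.append("first message ever received from this domain")
    lookalike_of = [d for d in {INTERNAL_DOMAIN, *SEEN_DOMAINS}
                    if d != domain and levenshtein(domain, d) <= 1]
    if lookalike_of:
        warnings.append(f"sender domain closely resembles {lookalike_of[0]}")
    for known_address, known_name in KNOWN_CONTACTS.items():
        if display_name.strip().lower() == known_name.lower() and address != known_address:
            warnings.append(f"display name matches {known_address} but the address differs")
    return warnings


def banner(warnings):
    """Render the warnings as the text that would be prepended to the message body."""
    if not warnings:
        return ""
    return "CAUTION:\n" + "\n".join(f" - {w}" for w in warnings)


if __name__ == "__main__":
    for name, addr in [("Pat Client", "client@partner.co"), ("Eli N", "eli@exampie-firm.com")]:
        print(f"{name} <{addr}>")
        print(banner(sender_warnings(name, addr, "2024-03-04")) or "(no banner)")
```

The point of the design is that a regular correspondent produces no banner at all, so the banner keeps its meaning: when it does appear it names a concrete reason, such as a domain registered yesterday or a colleague's display name on an unfamiliar address, rather than the generic external-sender notice users have learned to ignore.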


Building the Best Defense Against Phishing Scams

Phishing attacks are ever-evolving and becoming more sophisticated, and your methods of defense need to evolve along with them. Regular, ongoing security awareness training is critical to equipping your users to spot potential attacks, but your defenses can't stop there. Training needs to be constantly adjusted and supplemented with the most powerful tools on the market. This will help your organization identify and block threats. With the right combination of training and tools, your organization will be in the best possible position to avoid being at the center of the next big security breach.


Eli Nussbaum is a managing director at Keno Kozie Associates. He joined the firm in 1998 as part of its Y2K audit team. Nussbaum then became a full-time engineer, holding every position within the department before taking on an account management role. During his tenure with Keno Kozie, Nussbaum has focused on physical, virtual and cloud infrastructure design and implementation for both infrastructure and client environments.