What processes need to be in place to minimise phishing attacks?


Phishing scams are designed to take advantage of lapses in security awareness. Masquerading as a familiar and reliable source, phishing scams convince victims that their messages are legitimate and deceive them into providing confidential information, or to click on a link that can download malicious software. Given the steady rise and sophistication of phishing attacks, many organisations are trying different techniques to mitigate the risks posed by these attacks

Carolyn Crandall, Chief Deception Officer at Attivo Networks offers the following insight into how to overcome the problem:

"Employee training, employee training, employee training. Can’t say it enough on training. Continual reminders and training on how to identify phishing emails and best practices on how to handle them is critical. Organisations should also conduct ongoing internal tests to see if employees will fall for simulated phishing emails with those that do, should get individual training and testing. Establishments should also make it easy for employees to submit suspicious emails with a default email alias that everyone is aware of. *

A better to be “safe than sorry” approach will encourage employees to openly submit suspicious emails. It is also critical that the review team promptly reply, without judgement on what is sent in. For efficiency, some companies will use automated systems to check to see if the emails are malicious. More advanced teams will also take the time to detonate the malware to learn more about the attacker’s tools, tactics, and intent. These features can be seen in various phishing tools and in deception platforms that have built-in sandboxes.

Phishing is the preferred method of attack and techniques are getting more advanced and authentic every day. For organisations to stay ahead, it will be critical to continually teach every employee, contractor, and supplier best practices for not falling victim. And, since we are all human, put in place detection safety nets so that in the event that mistakes are made, the attacker can’t successfully advance their attack."