By Ty Tyra, guest blogger
Let’s examine the need to craft strategies to combat phishing and malicious emails.
Develop an Anti-Phishing/Malicious Email Strategy
As stated in the introduction to this series, the bad guys understand that many organizations have successfully hardened their perimeter security these days. The key is finding a way around that hard exterior shell, and one of the primary vectors for doing so is attacking the end user through email. Because email is a legitimate business process, the perimeter controls must allow email traffic, and malicious actors use it to ride past the organization’s well-defended border. Such attacks take the form of phishing messages aimed at capturing credentials, or at infecting a user’s machine via a malicious link or attachment.
Because of the prevalence of this type of attack, developing an anti-phishing strategy is a must. It begins with user education about these threats, along with regular testing and reinforcement of that education. Internal campaigns that simulate phishing and malicious emails are an excellent way to gauge how aware an organization’s user population is of such threats. Develop metrics that track the percentage of simulated phishing attacks that succeed (a clicked link, or credentials entered) over time. The goal is to educate employees well enough that this percentage consistently decreases from one campaign to the next.
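As an added example (not part of the original post), here is a small Python script that turns simulated-campaign results into the metrics described above: per-campaign click, credential-submission and report rates, a check that the click rate is actually trending down, the per-department breakdown for the latest campaign, and the users who clicked in more than one campaign and need targeted follow-up. The campaign results are constructed sample data, and the report rate is included here as the complementary metric because a rising report rate is the other half of "users recognize the lure"; the field names are assumptions about what a phishing-simulation platform exports.

```python
from collections import Counter, defaultdict, namedtuple

# One row per simulated email sent. Field names are assumed; adapt them to
# whatever your phishing-simulation platform exports.
Result = namedtuple("Result", "campaign user dept clicked submitted reported")

# Constructed sample data: three quarterly campaigns against five users.
RESULTS = [Result(*row) for row in [
    ("2023-Q1", "alice", "finance", True,  True,  False),
    ("2023-Q1", "bob",   "finance", True,  False, False),
    ("2023-Q1", "carol", "eng",     False, False, True),
    ("2023-Q1", "dave",  "eng",     True,  False, False),
    ("2023-Q1", "erin",  "hr",      False, False, False),
    ("2023-Q2", "alice", "finance", True,  False, False),
    ("2023-Q2", "bob",   "finance", False, False, True),
    ("2023-Q2", "carol", "eng",     False, False, True),
    ("2023-Q2", "dave",  "eng",     False, False, False),
    ("2023-Q2", "erin",  "hr",      True,  False, False),
    ("2023-Q3", "alice", "finance", True,  False, False),
    ("2023-Q3", "bob",   "finance", False, False, True),
    ("2023-Q3", "carol", "eng",     False, False, True),
    ("2023-Q3", "dave",  "eng",     False, False, True),
    ("2023-Q3", "erin",  "hr",      False, False, False),
]]


def campaign_metrics(results=RESULTS):
    """Per-campaign rates in percent, keyed by campaign id in chronological order."""
    by_campaign = defaultdict(list)
    for r in results:
        by_campaign[r.campaign].append(r)
    metrics = {}
    for cid in sorted(by_campaign):
        recs = by_campaign[cid]
        sent = len(recs)

        def pct(field):
            return round(100.0 * sum(getattr(r, field) for r in recs) / sent, 1)

        metrics[cid] = {
            "sent": sent,
            "click_rate": pct("clicked"),     # clicked the lure link
            "submit_rate": pct("submitted"),  # went on to enter credentials
            "report_rate": pct("reported"),   # used the report-phish button
        }
    return metrics


def trend_is_improving(metrics):
    """True when every campaign has a lower click rate and a higher report rate
    than the one before it; a single campaign trivially satisfies this."""
    ordered = [metrics[c] for c in sorted(metrics)]
    return all(later["click_rate"] < earlier["click_rate"]
               and later["report_rate"] > earlier["report_rate"]
               for earlier, later in zip(ordered, ordered[1:]))


def repeat_clickers(results=RESULTS, min_campaigns=2):
    """Users who clicked in at least min_campaigns distinct campaigns -> campaign count."""
    clicked_in = defaultdict(set)
    for r in results:
        if r.clicked:
            clicked_in[r.user].add(r.campaign)
    return {u: len(c) for u, c in clicked_in.items() if len(c) >= min_campaigns}


def department_click_rates(results=RESULTS, campaign=None):
    """Click rate per department for one campaign (default: the most recent)."""
    if campaign is None:
        campaign = max(r.campaign for r in results)
    sent, clicked = Counter(), Counter()
    for r in results:
        if r.campaign == campaign:
            sent[r.dept] += 1
            clicked[r.dept] += int(r.clicked)
    return {d: round(100.0 * clicked[d] / sent[d], 1) for d in sorted(sent)}


if __name__ == "__main__":
    m = campaign_metrics()
    for cid, row in m.items():
        print(cid, row)
    print("improving:", trend_is_improving(m))
    print("repeat clickers:", repeat_clickers())
    print("latest campaign by department:", department_click_rates())
```

The repeat-clicker list is usually the most actionable output: a falling aggregate click rate can hide a handful of users who click every time, and those are the ones a real campaign will find.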
If possible, leverage inline solutions that proactively identify and quarantine such email threats before they reach a user’s inbox. This is an excellent tool for combating large, organized phishing and malicious email campaigns. If available, use automated analysis of quarantined messages to determine the external domains involved (the link targets, the hosts serving lure content and tracking images) and block them with whatever Web proxy capability your organization possesses, so that a user who does receive a copy through another channel still cannot reach the payload.
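The following Python script is an added example, not code from the original post or from any particular email security product. It does the analysis step just described: it parses a quarantined message, pulls every URL out of the text and HTML parts (including image sources, which are often tracking pixels on attacker-controlled hosts), drops anything under the organization’s own domains, and emits the remaining hostnames as a one-per-line list suitable for a Squid `dstdomain` ACL file. The sample message and the internal domain list are constructed for the example.

```python
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the organization's own domains; anything else is "external".
INTERNAL_DOMAINS = {"example.com"}

# Constructed sample: a quarantined credential-phishing lure with a plain-text
# and an HTML alternative. None of these hosts are real.
SAMPLE_EML = b"""From: "IT Helpdesk" <helpdesk@example-corp-support.net>
To: user@example.com
Subject: Password expiry notice
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Your password expires today. Renew at http://login.example-corp-support.net/reset
or https://cdn.files-host.example/drop/42.

--b1
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Renew at <a href="https://login.example-corp-support.net/reset?u=1">the portal</a>.</p>
<img src="http://track.mailer-stats.example/open.gif?id=42">
<p>Questions? <a href="https://intranet.example.com/help">Internal help</a></p>
</body></html>
--b1--
"""

# Plain-text URLs: stop at whitespace or the quote/bracket characters that
# commonly follow a pasted link; trailing sentence punctuation is stripped below.
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


class _LinkExtractor(HTMLParser):
    """Collect href/src/action values from every tag in an HTML part."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and name in ("href", "src", "action"):
                self.urls.append(value)


def extract_urls(raw):
    """All URLs referenced by the text and HTML parts of a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    urls = []
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/plain":
            urls.extend(u.rstrip(".,;") for u in URL_RE.findall(part.get_content()))
        elif ctype == "text/html":
            parser = _LinkExtractor()
            parser.feed(part.get_content())
            urls.extend(parser.urls)
    return urls


def external_domains(raw, internal=INTERNAL_DOMAINS):
    """Sorted hostnames from the message's URLs that are not under an internal domain."""
    hosts = set()
    for url in extract_urls(raw):
        host = urlparse(url).hostname
        if not host:
            continue  # relative link, mailto:, cid:, etc.
        host = host.lower()
        if any(host == d or host.endswith("." + d) for d in internal):
            continue
        hosts.add(host)
    return sorted(hosts)


def squid_blocklist(hosts):
    """One hostname per line, the format read by a Squid dstdomain ACL file."""
    return "".join(h + "\n" for h in hosts)


if __name__ == "__main__":
    blocked = external_domains(SAMPLE_EML)
    print(squid_blocklist(blocked), end="")
```

Blocking by exact hostname is deliberate: a leading-dot entry would also catch subdomains, but applying that to a shared hosting or CDN domain would block legitimate traffic, so widen entries by hand after a look at what else lives on the domain. Attackers rotate lure domains quickly, so this list is a containment measure for the campaign in hand, not a long-term allow/deny policy.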
Finally, one of the most cost-effective methods of identifying these threats is simply to add a large, noticeable banner to every email that originates outside your organization, stating that it came from an external source. With proper user education, this aids in spotting spoofed emails posing as company executives or other people in positions of authority: a message signed by the CEO that carries the external banner is immediately suspect. Apply the banner at the mail gateway based on where the message entered (an external connection), not on the From address alone, so a forged internal sender address still gets tagged.
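As an added example (not code from the original post or from any mail platform), here is the banner logic in Python using the standard library’s `email` package: a message from a domain outside the organization gets a warning prepended to its text and HTML parts and an `[EXTERNAL]` subject tag, and a second check flags the specific case the paragraph above is worried about, an external sender whose display name matches a protected insider such as an executive. The internal domain list, the protected-name list and both sample messages are constructed assumptions; in a real deployment the names come from the directory and the "external" decision also uses the receiving connector, as noted above.

```python
import email
from email import policy
from email.utils import parseaddr

# Assumption: the organization's own sending domains.
INTERNAL_DOMAINS = {"example.com"}
# Assumption: display names attackers are likely to impersonate (executives,
# finance leads). Normally fed from the directory rather than hard-coded.
PROTECTED_NAMES = {"jane doe"}

WARNING = ("CAUTION: This email originated from outside the organization. "
           "Do not click links or open attachments unless you recognize the sender.")
BANNER_TEXT = "*** " + WARNING + " ***\n\n"
BANNER_HTML = ('<div style="background:#fff3cd;border:1px solid #c9a700;'
               'padding:8px;font-weight:bold">' + WARNING + "</div>")

# Constructed sample: external message whose display name mimics an executive.
EXTERNAL_EML = b"""From: "Jane Doe" <jane.doe@personal-mail.example>
To: bob@example.com
Subject: Urgent wire transfer
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Bob, I need you to process a payment today. Call me when done.

--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Bob, I need you to process a payment today. Call me when done.</p></body></html>
--b1--
"""

# Constructed sample: a genuine internal message that must be left untouched.
INTERNAL_EML = b"""From: "Carol" <carol@example.com>
To: bob@example.com
Subject: Lunch?
Content-Type: text/plain; charset="utf-8"

Noon at the usual place?
"""


def sender_domain(msg):
    """Domain of the From header address (the address the user sees), lower-cased."""
    _, addr = parseaddr(str(msg.get("From", "")))
    return addr.rpartition("@")[2].lower()


def is_external(msg, internal=INTERNAL_DOMAINS):
    d = sender_domain(msg)
    return not any(d == i or d.endswith("." + i) for i in internal)


def impersonates_insider(msg, protected=PROTECTED_NAMES):
    """External sender whose display name matches a protected insider's name."""
    name, _ = parseaddr(str(msg.get("From", "")))
    return is_external(msg) and " ".join(name.lower().split()) in protected


def tag_external(raw):
    """Parse a raw message; if it is external, add the banner to every text and
    HTML part and tag the subject. Internal mail is returned unmodified."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    if not is_external(msg):
        return msg
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/plain":
            part.set_content(BANNER_TEXT + part.get_content(), subtype="plain")
        elif ctype == "text/html":
            html = part.get_content()
            start = html.lower().find("<body")
            if start != -1:  # insert right after the opening <body ...> tag
                cut = html.find(">", start) + 1
                html = html[:cut] + BANNER_HTML + html[cut:]
            else:
                html = BANNER_HTML + html
            part.set_content(html, subtype="html")
    subject = str(msg.get("Subject", ""))
    if not subject.startswith("[EXTERNAL]"):
        del msg["Subject"]
        msg["Subject"] = "[EXTERNAL] " + subject
    return msg


def analyze(raw):
    """Classification plus the user-visible result of tagging, for inspection."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    tagged = tag_external(raw)
    html_part = tagged.get_body(preferencelist=("html",))
    return {
        "external": is_external(msg),
        "impersonation": impersonates_insider(msg),
        "subject": str(tagged["Subject"]),
        "text": tagged.get_body(preferencelist=("plain",)).get_content(),
        "html": html_part.get_content() if html_part is not None else None,
    }


if __name__ == "__main__":
    for sample in (EXTERNAL_EML, INTERNAL_EML):
        print(analyze(sample))
```

The impersonation check is what turns the banner from a passive hint into an alert: the banner alone relies on the user noticing it, whereas an external message whose display name collides with an executive’s can be quarantined or routed to the security team regardless of what the user does.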