Phishing is one of the most effective ways of gaining initial access to business networks, either by stealing credentials or by installing malware. Phishing relies on social engineering rather than a software flaw: it tricks a person into taking an action the attacker wants, such as visiting a website that asks for sensitive information or opening a file that contains malicious code.
One of the best defenses against phishing attacks is a spam filter. A spam filter scans all incoming (and often outbound) email for the signatures of spam and phishing. Suspect messages are quarantined pending manual review, and rules can be set for confirmed phishing emails, typically to delete them or to hold them for further investigation. Spam filters prevent the majority of malicious emails from reaching inboxes but, crucially, not all of them. Some malicious messages will bypass the spam filter and land in inboxes, whatever spam filtering solution you use.
Advanced spam filters such as SpamTitan provide several layers of protection against spam, phishing, and malware, but even advanced spam filters are not sufficient on their own to combat phishing. Cybercriminals are now conducting highly sophisticated attacks, so further layers need to be added to your defenses. A web filter is recommended for blocking access to the URLs linked in phishing emails. A spam filter can check the links in an email at delivery time, but a link that was clean when scanned can be weaponized afterwards: the attacker waits until the message is through the filter before pointing the URL at malicious content. A web filter checks the destination at the moment the user actually clicks, which is why this is called time-of-click protection. Web filters can also be configured to block certain file downloads from the Internet.
To protect against credential theft, businesses should consider providing a password manager to their employees. Phishing attacks that seek credentials usually direct users to a spoofed website, such as a page with a fake Microsoft login prompt for stealing Microsoft 365 credentials. Employees are often fooled because the phishing page looks exactly like the brand it spoofs, and the hostname is chosen to look right too (the real brand name buried inside a lookalike domain, for example). Password managers provide some protection here. When a password is added to the vault, it is bound to the specific URL or domain it was saved on. If the user lands on that domain, the password manager autofills the password. If the user lands on a different domain, however closely it resembles the real one, the password is not filled because no credential is bound to it. A login page for which the manager offers nothing, when it normally fills the credential, is the user's warning that this is not the site the password was saved for.
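The domain-binding check described above, as an added example that is not part of the original article or of any particular password manager's code. It shows why the match has to be aligned on hostname labels rather than on a substring, and why the parsed hostname (not the raw URL text) is what gets compared. The vault entry and the phishing URLs are constructed for the example; `attacker.example` is a placeholder domain.

```python
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Constructed sample vault: the password is bound to the host it was saved on.
VAULT = {
    "login.microsoftonline.com": ("alice@example.com", "correct-horse-battery-staple"),
}


def naive_match(page_host: str, saved_host: str) -> bool:
    """What NOT to do: substring matching 'finds' the brand inside a lookalike host."""
    return saved_host in page_host


def host_match(page_host: str, saved_host: str) -> bool:
    """Label-aligned match: the page host is the saved host or a subdomain of it.
    A phishing host that merely *contains* the saved host does not match."""
    return page_host == saved_host or page_host.endswith("." + saved_host)


def credentials_for(url: str, vault=VAULT) -> Optional[Tuple[str, str]]:
    """Return the vault entry a password manager would offer to autofill for url,
    or None when nothing is bound to that origin (the user's warning sign)."""
    parts = urlsplit(url)
    # Only fill over TLS; a plaintext page is not the origin the password was saved on.
    if parts.scheme != "https":
        return None
    host = parts.hostname  # lowercased; userinfo ("user@") and port are stripped
    if not host:
        return None
    for saved_host, creds in vault.items():
        if host_match(host, saved_host):
            return creds
    return None


# Constructed phishing URLs that a human reads as "Microsoft" but a correct
# password manager does not fill:
PHISHING_URLS = [
    "https://login.microsoftonline.com.attacker.example/common/oauth2/",  # brand as a subdomain of the attacker's domain
    "https://login.microsoftonline.com@attacker.example/",               # brand in the userinfo part of the URL
    "https://attacker.example/login.microsoftonline.com/",              # brand in the path
    "https://login.micr\u043esoftonline.com/",                          # homograph: Cyrillic 'о' in place of Latin 'o'
    "http://login.microsoftonline.com/",                                # right host, wrong scheme
]


if __name__ == "__main__":
    for u in ["https://login.microsoftonline.com/common/oauth2/v2.0/authorize"] + PHISHING_URLS:
        print("FILL   " if credentials_for(u) else "NO FILL", u)
```

The `naive_match` function is included only to show the mistake: it returns True for `login.microsoftonline.com.attacker.example`, while `host_match` correctly returns False because the saved host is not on a label boundary at the end of the page host.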
Sometimes, employees will be fooled and will disclose their login credentials. This is where multi-factor authentication helps. With multi-factor authentication enabled, a compromised password will not grant access to an account unless the additional factor is also provided. Since adversary-in-the-middle phishing kits can relay one-time MFA codes to the real site in real time (and capture the resulting session), the choice of MFA matters. For the best protection use phishing-resistant MFA based on FIDO authentication (FIDO2/WebAuthn security keys or passkeys), which binds each login to the genuine site's origin so that an authentication performed on a lookalike site is rejected by the real one.
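Why FIDO-based MFA resists a relaying phishing kit, as an added example that is not part of the original article. It models the parts of a WebAuthn assertion that matter for phishing resistance: the browser (not the page) writes the page origin into clientDataJSON, the authenticator's signed data starts with a hash of the relying-party ID, and the relying party checks both. A real authenticator signs with a per-site private key; an HMAC keyed with a secret shared at registration stands in for that signature so the block runs on the standard library alone, and that substitution is labeled in the code. The relying-party values and the attacker's hostname are assumptions for the example.

```python
import hashlib
import hmac
import json
import os
from typing import Tuple

# Assumed relying-party (RP) values for this example.
RP_ID = "microsoftonline.com"
RP_ORIGIN = "https://login.microsoftonline.com"


class ToyAuthenticator:
    """Stand-in for a FIDO authenticator. A real one signs with an asymmetric
    per-RP key; an HMAC over the same structure (authenticatorData || SHA-256(clientDataJSON))
    is used here so the example needs no third-party library."""

    def __init__(self) -> None:
        self.key = os.urandom(32)  # shared with the RP at registration (toy simplification)

    def get_assertion(self, rp_id: str, client_data_json: bytes) -> Tuple[bytes, bytes]:
        # authenticatorData begins with rpIdHash = SHA-256(rpId); the flags and signature
        # counter that follow it in the real format are omitted here.
        auth_data = hashlib.sha256(rp_id.encode()).digest()
        to_sign = auth_data + hashlib.sha256(client_data_json).digest()
        return auth_data, hmac.new(self.key, to_sign, "sha256").digest()


def host_of(origin: str) -> str:
    return origin.split("://", 1)[1].split("/", 1)[0].split(":", 1)[0]


def browser_get(auth: ToyAuthenticator, requested_rp_id: str, page_origin: str, challenge: str):
    """Model of navigator.credentials.get(): the browser writes the origin into
    clientDataJSON itself and refuses an rpId that is not the page host or a parent
    domain of it (simplified; real browsers also consult the public suffix list)."""
    host = host_of(page_origin)
    if not (host == requested_rp_id or host.endswith("." + requested_rp_id)):
        raise ValueError("SecurityError: rpId %r is not valid for origin %r" % (requested_rp_id, page_origin))
    client_data = json.dumps({"type": "webauthn.get", "challenge": challenge, "origin": page_origin}).encode()
    auth_data, sig = auth.get_assertion(requested_rp_id, client_data)
    return client_data, auth_data, sig


def rp_verify(registered_key: bytes, challenge: str, client_data: bytes, auth_data: bytes, sig: bytes) -> str:
    """Relying-party checks on a received assertion; returns "ok" or the rejection reason."""
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get" or cd.get("challenge") != challenge:
        return "bad type or challenge"
    if cd.get("origin") != RP_ORIGIN:
        return "origin mismatch: %s" % cd.get("origin")
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return "rpIdHash mismatch"
    expected = hmac.new(registered_key, auth_data + hashlib.sha256(client_data).digest(), "sha256").digest()
    return "ok" if hmac.compare_digest(expected, sig) else "bad signature"


def legitimate_login() -> str:
    auth = ToyAuthenticator()
    challenge = os.urandom(16).hex()  # issued by the RP
    cd, ad, sig = browser_get(auth, RP_ID, RP_ORIGIN, challenge)
    return rp_verify(auth.key, challenge, cd, ad, sig)


PHISHING_ORIGIN = "https://login.microsoftonline.com.attacker.example"  # constructed lookalike


def phishing_page_can_request_real_rp_id() -> bool:
    """The phishing page asks the victim's browser for an assertion under the real rpId."""
    try:
        browser_get(ToyAuthenticator(), RP_ID, PHISHING_ORIGIN, "any-challenge")
        return True
    except ValueError:
        return False


def aitm_phishing_login() -> str:
    """Adversary-in-the-middle: the phishing page relays the real RP's challenge to the
    victim and forwards whatever the victim's browser and authenticator produce.
    A real authenticator would hold no credential for attacker.example at all; the toy
    signs anyway to show that the RP-side checks still reject the relayed assertion."""
    auth = ToyAuthenticator()
    real_challenge = os.urandom(16).hex()
    cd, ad, sig = browser_get(auth, "attacker.example", PHISHING_ORIGIN, real_challenge)
    return rp_verify(auth.key, real_challenge, cd, ad, sig)


if __name__ == "__main__":
    print("legitimate login:", legitimate_login())
    print("phishing page may use real rpId:", phishing_page_can_request_real_rp_id())
    print("relayed assertion:", aitm_phishing_login())
```

Contrast this with a one-time code from an app or SMS: the code contains nothing that identifies where it was typed, so a kit that relays it to the real site succeeds. The FIDO assertion carries the origin and the rpId hash inside the signed data, and the victim's own browser refuses to let a lookalike page claim the genuine rpId, so there is nothing for the kit to replay.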
By implementing all of the above technical measures, businesses will be well protected against phishing attacks, but security awareness training for the workforce is still necessary. Security awareness training forms the final layer of protection and prepares employees for the threats they are likely to encounter. It teaches employees about phishing, malware, business email compromise, and other cyber threats, and explains best practices and why they are essential for security. The goal is to create a security culture in which all employees understand that they play a role in the security of their organization, and a reporting culture in which the IT department hears about every threat that gets past the defenses. That allows the IT department to tune its security solutions so that similar threats are blocked in the future.
Security awareness training should be accompanied by phishing simulations. These simulated phishing attacks identify weaknesses that can then be addressed, whether a gap in the training content or an individual who has not taken the training on board. Simulations allow gaps to be closed proactively, before they are exploited in real cyberattacks. They also keep the training fresh in the mind and give employees practice at identifying cyber threats.
TitanHQ can help your business to improve defenses against phishing and cyberattacks through layered defenses provided by SpamTitan email security, WebTitan web filtering, and SafeTitan security awareness training. For more information on improving your phishing defenses, give the TitanHQ team a call.