Cybercriminals use many different tactics, techniques, and procedures to gain access to the IT environments of businesses but phishing is one of the most common attack vectors. By investing in phishing prevention solutions, businesses will be able to block most of these attacks and, coupled with security awareness training for the workforce, will be able to stop phishing attacks from succeeding.
Unfortunately, phishing prevention has become a lot harder in recent years. Phishing attacks on businesses have been increasing every year, and there was a massive rise during the pandemic. F5’s Security Operations Center reported a 220% increase in attacks during the pandemic, and according to Cisco, at least one person clicked a link in a phishing email at 86% of organizations. There have been various reports on phishing that suggest as many as 90% of data breaches involve phishing.
As well as the increase in volume, phishing attempts have become more sophisticated. Mass phishing campaigns are still conducted using tried and tested techniques and lures, but spear phishing and whaling attacks have also increased. These highly targeted phishing campaigns are only conducted on a very small number of individuals and are highly personalized to maximize the probability of a response. These emails can be almost impossible for he targeted individuals to distinguish from genuine communications. Some malware variants can self-propagate and send copies of themselves via email, often hijacking genuine email threats to make it appear that the email is a response to a previous email conversation.
In addition to many phishing attempts being difficult for humans to identify, new tactics are constantly being developed to hide phishing emails from email security solutions. While advanced anti-phishing solutions such as SpamTitan will block the majority of phishing threats, no email security solution will, in isolation, provide total phishing protection. Phishing prevention in 2022 needs to include multiple layers of protection. Businesses need to develop a comprehensive phishing prevention strategy that includes technical and administrative safeguards to ensure they are protected against phishing threats.
Phishing Prevention Tips for SMBs
While technical solutions for blocking phishing attacks are very effective, it is important not to totally rely on technology for blocking attacks, but it is a good place to start.
Technology for Blocking Phishing Attacks
There are many different technical solutions that can be used for phishing prevention, and all should be implemented as part of a defense-in-depth strategy. Should one of these layers of protection fail to block a threat, others will be in place to detect and block the threat.
Email Security Solutions
An email security solution is the most important technical measure to implement for phishing prevention as the majority of phishing attempts occur via email. These solutions are a gateway through which all emails much pass, and in order to be delivered, they must pass a barrage of checks. These include scans of attachments using antivirus engines, behavioral analysis of attachments in a sandbox, checks of embedded hyperlinks in emails, and Bayesian analysis and heuristics tests. Email security solutions will also block emails from known malicious IPs and will score messages based on the likelihood of them being spam or malicious. In addition to these features, SpamTitan Email Security also includes outbound scanning to identify any phishing emails being sent from compromised mailboxes and attempts at data exfiltration via email.
DNS filters provide an additional layer of protection against phishing attacks by blocking access to the websites where credentials are stolen or malware is hosted. Due to the techniques used by phishers, email security solutions do not always detect embedded hyperlinks in emails as malicious. A DNS filter will block access to known malicious websites and web pages, no matter how a user tries to visit those resources – via a link in an email, text message, on a website, or from general web browsing. DNS filters such as WebTitan can also assess the content on web pages in real-time, and businesses can use them to block specific file downloads and prevent employees from accessing risky types of websites, such as those that are frequently used for distributing malware – peer-to-peer file sharing networks for instance.
Antivirus Software and Endpoint Detection Solutions
With an email security solution and a DNS filter, businesses will be well protected, but they should also ensure that antivirus software is installed on all endpoints and that the virus definition lists are automatically updated. Antivirus software is only effective at detecting and neutralizing known malware variants, so novel malware threats will not be detected. You should therefore consider using a more advanced endpoint detection solution that is capable of analyzing activity on devices and can identify any anomalous behavior that could indicate a malware infection.
Multifactor authentication is important for preventing phishing attacks from succeeding. It will not block attacks but can prevent the credentials stolen in phishing attacks from being used to access accounts. In addition to providing a valid username and password, multifactor authentication requires an additional authentication factor to be provided before account access is granted. Multifactor authentication will block the majority of attempts by unauthorized individuals to access accounts, although techniques have been developed that allow this important protection to be bypassed.
Administrative Safeguards for Phishing Prevention
There are administrative steps that businesses should take to reduce the severity of a phishing attack should it be successful.
Apply the Principle of Least Privilege
One of the most important steps is to apply the principle of least privilege. That means not providing access to resources that are not strictly necessary. Employees should only be able to access data, networks, drives, and applications that they need to use for their day-to-day work duties. Administrator privileges should be limited, and anyone that needs admin-level privileges should only use an admin account for conducting those tasks. They should log off and use an account with lower privileges for performing non-admin duties.
Reduce the volume of emails in email accounts
Phishing attacks often seek access to email accounts, which can contain huge volumes of sensitive data. In healthcare in the U.S. where data breaches must be reported and made public, there have been many phishing attacks that have seen a single account email compromised that contained the sensitive health information of hundreds of thousands of patients. It is important not to store too much data in email accounts. Remove them from email accounts and store them in an email archive for greater security. In the event that the email account is compromised, the attacker will not have access to so much data.
Security Awareness Training and Phishing Simulations
One of the most neglected elements of phishing prevention is security awareness training for employees. Phishing attacks target employees, so it is important to provide training to show employees how to identify phishing attempts and other malicious or scam emails. Multiple studies have demonstrated the effectiveness of security awareness training for phishing prevention. Typically, before training, around 30% of employees will click links in phishing emails or open potentially malicious attachments. After training that percentage can be reduced to around 5%.
Phishing simulations are an important tool for phishing prevention. They allow businesses to assess how well employees can identify phishing attempts and they highlight gaps in understanding of email threats. When an employee is fooled by a simulated phishing email, they can be provided with additional training to help them detect similar threats in the future. TitanHQ offers the SafeTitan Security Awareness Training and Phishing Simulation Platform to help businesses tackle the human element that I targeted in phishing attacks.
Phishing Prevention Summary
A phishing prevention strategy should be developed that includes technical measures such as email security, DNS filtering, and email archiving. Steps should also be taken to reduce the impact of phishing attacks, and security awareness training should be provided to all members of the workforce.
TitanHQ offers solutions covering all these aspects of phishing prevention. For more information, give the friendly sales team a call. Product demonstrations can be arranged and TitanHQ solutions are available on a free trial to allow you to test their effectiveness and discover how easy they are to use before deciding on a purchase.