Phishing continues to be one of the primary attack mechanisms for bad actors with a variety of endgames in mind, in large part because phishing attacks are trivial to launch and difficult to fully protect against. Some phishing attacks target customers rather than employees, and others simply aim to damage your corporate reputation rather than compromise your systems. A key factor in protecting your business from phishing is to understand your vulnerabilities, weigh the potential risk to your business, and decide what tools offer the best protection to match your business needs.
Why phishing is successful
Most phishing attacks are less about the technology and more about social engineering. It’s amazing how easily humans are manipulated when emotions are triggered. Many modern phishing emails play on empathy or fear, or even make hostile accusations in order to trigger an angry response.
Another reason phishing is so successful and popular is that it can be used to disrupt a target in a number of different ways: for example, by draining productivity when employees must manually validate message contents or escalate to corporate IT, or by compromising financial accounts or enterprise systems (often the first step in a ransomware attack). On the flip side, phishing is hard to prevent because aggressive filtering risks false positives that disrupt legitimate business communication.
How to protect your business against phishing
A big part of protecting your business, employees, and customers from phishing attacks is leveraging industry standards and implementing best practices wherever possible. Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC) were created to fight spoofing and spam by letting receiving mail servers authenticate the mail they accept: SPF publishes which hosts may send for your domain, DKIM lets the sending server sign each message with a key published in DNS, and DMARC ties both checks to the visible From: address, tells receivers what to do with mail that fails (none, quarantine, or reject), and has them send you reports. Put another way, the goal of these standards is to ensure that a mail server claiming to send on behalf of your domain is authorized to do so. Each of these standards is based in DNS and is relatively straightforward to publish, although DMARC should be rolled out in stages: start at p=none to collect reports, then move to quarantine and reject once every legitimate sender is authenticated.
In fact, you probably get your email through a service provider like Google or Microsoft, and those services implement the standards on the receiving side for you, although you still have to publish the SPF, DKIM, and DMARC records for your own domain. Professional email services like these provide some level of protection against phishing already, but they are far from perfect, which leaves a market for dedicated anti-phishing services.
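A practical first check is to lint your own SPF and DMARC records for the mistakes that leave a domain spoofable: an SPF record ending in +all, more than the ten DNS lookups RFC 7208 allows, a DMARC policy still at p=none, or no reporting address. The script below is an added example written for this page, not a tool from the article or any vendor named in it. The FAKE_DNS table, the domain names, and the one-record-per-name assumption are constructed so it runs offline; replace lookup() with a real resolver to check your own domains.

```python
"""Added example, not from the article: lint a domain's SPF and DMARC TXT
records for the mistakes that leave it spoofable. DNS answers are constructed
inline (the FAKE_DNS table) so it runs offline; replace lookup() with a real
resolver to check your own domains."""
import re

# Constructed TXT answers standing in for DNS. A missing key models "no record".
FAKE_DNS = {
    "good.example": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailhost.example -all",
    "_dmarc.good.example": "v=DMARC1; p=reject; rua=mailto:dmarc@good.example; adkim=s; aspf=s",
    "weak.example": "v=spf1 " + " ".join(f"include:svc{i}.example" for i in range(11)) + " +all",
    "_dmarc.weak.example": "v=DMARC1; p=none; pct=50",
}

LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists", "redirect"}  # each costs a DNS query

def lookup(name: str):
    return FAKE_DNS.get(name)  # assumption: one TXT record per name, as the RFCs require

def lint_spf(record):
    if record is None:
        return ["no SPF record: any host can claim to send for this domain"]
    if not record.startswith("v=spf1"):
        return ["TXT record is not an SPF record"]
    findings = []
    terms = record.split()[1:]
    # RFC 7208 caps lookup-causing terms at 10; beyond that receivers return permerror
    lookups = sum(1 for t in terms
                  if re.split(r"[:/=]", t.lstrip("+-~?"), maxsplit=1)[0] in LOOKUP_MECHANISMS)
    if lookups > 10:
        findings.append(f"{lookups} lookup terms exceed the RFC 7208 limit of 10 (permerror)")
    tail = terms[-1] if terms else ""
    if tail in ("+all", "all"):
        findings.append("+all authorizes every host on the internet")
    elif tail == "?all":
        findings.append("?all is neutral: spoofed mail neither passes nor fails SPF")
    elif tail == "~all":
        findings.append("~all softfails; fine under DMARC, but -all is stricter")
    elif tail != "-all" and not tail.startswith("redirect="):
        findings.append("record does not end with an 'all' mechanism")
    return findings

def lint_dmarc(record):
    if record is None:
        return ["no DMARC record: receivers apply no policy and send no reports"]
    tags = {k.strip(): v.strip() for k, v in
            (kv.split("=", 1) for kv in record.split(";") if "=" in kv)}
    if tags.get("v") != "DMARC1":
        return ["DMARC record must start with v=DMARC1"]
    findings = []
    policy = tags.get("p")
    if policy == "none":
        findings.append("p=none: monitoring only, spoofed mail is still delivered")
    elif policy not in ("quarantine", "reject"):
        findings.append("missing or invalid p= tag")
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports, so no visibility")
    if int(tags.get("pct", "100")) < 100:
        findings.append(f"pct={tags['pct']}: policy applied to only part of the mail")
    return findings

def lint_domain(domain: str) -> dict:
    return {"spf": lint_spf(lookup(domain)), "dmarc": lint_dmarc(lookup("_dmarc." + domain))}

if __name__ == "__main__":
    for d in ("good.example", "weak.example", "missing.example"):
        print(d, lint_domain(d))
```

The lookup count matters more than it looks: a record that exceeds ten lookups yields permerror at the receiver, which DMARC treats as not passing, so the domain's own legitimate mail starts failing authentication.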
One major attack method aims to steal information through low-tech means such as a simple email reply: the victim types account numbers or card details into a response, and no malware is involved at all. Content policies (data loss prevention, or DLP) available in business productivity services such as Microsoft 365 and Google Workspace, and as third-party tools from multiple vendors, are invaluable for stopping this sort of attack before it reaches a successful conclusion. Content policies automate the identification of key information types like credit card or bank account numbers, social security numbers, and other information that should be closely guarded, and block or quarantine messages that would carry it outside the organization. Expect to tune them: a bare pattern match on sixteen digits also flags order numbers and phone numbers, which is exactly the false-positive problem noted above.
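To make the content-policy idea concrete, here is an added example (written for this page, not code from any product named in the article) of a minimal outbound policy: it finds payment card numbers and validates them with the Luhn check digit so that random digit strings are mostly ignored, finds US Social Security numbers, and blocks delivery only when sensitive data is headed to an external recipient. The internal domain, the messages, and the action names are constructed for the demo.

```python
"""Added example, not from the article: a minimal outbound content policy of
the kind described above. It flags payment card numbers (Luhn-validated) and
US Social Security numbers, and blocks external delivery when either appears.
The internal domain and the sample messages are constructed for the demo."""
import re

INTERNAL_DOMAIN = "corp.example"   # assumed: mail to this domain stays inside the org

# 13-19 digits, optionally separated by spaces or dashes
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# AAA-GG-SSSS with the ranges the SSA never issues excluded
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

def luhn_ok(digits: str) -> bool:
    """Luhn check digit test; rejects about 90% of random 13-19 digit strings."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_pans(text: str) -> list:
    """Return card numbers found in text, normalised to digits only."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits

def evaluate_outbound(message: dict):
    """Return (action, findings) for a message of the form {"to": ..., "body": ...}."""
    findings = []
    pans = find_pans(message["body"])
    if pans:
        findings.append(("PAN", pans))
    ssns = SSN_RE.findall(message["body"])
    if ssns:
        findings.append(("SSN", ssns))
    recipient_domain = message["to"].rsplit("@", 1)[-1].lower()
    external = recipient_domain != INTERNAL_DOMAIN
    action = "block" if findings and external else "allow"
    return action, findings

# Constructed sample traffic: a reply to a phisher, an internal HR note, and a
# vendor follow-up whose 13-digit order number fails the Luhn check.
REPLY_TO_PHISHER = {"to": "billing@mail-update.example",
                    "body": "Sure, the card on file is 4111 1111 1111 1111, exp 12/26."}
INTERNAL_HR_NOTE = {"to": "payroll@corp.example",
                    "body": "New hire SSN is 123-45-6789, please add to the system."}
ORDER_FOLLOWUP = {"to": "support@vendor.example",
                  "body": "Any update on order 1234567890123 from last week?"}

if __name__ == "__main__":
    for msg in (REPLY_TO_PHISHER, INTERNAL_HR_NOTE, ORDER_FOLLOWUP):
        print(msg["to"], evaluate_outbound(msg))
```

The internal HR note is still reported as a finding but allowed through; whether internal transfers of SSNs should be allowed, logged, or encrypted is a policy decision, and the point of keeping the findings separate from the action is to make that decision adjustable without touching the detectors.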
The biggest risk stemming from phishing for most enterprises is system compromise that ultimately results in financial or data loss (or ransomware). As such, the primary defense must be a phishing-resistant form of multi-factor authentication (MFA) built on standards such as Fast Identity Online 2 (FIDO2) and Web Authentication (WebAuthn). These matter more than one-time codes sent by SMS or generated by an app: a phishing page can relay a one-time code to the real site within seconds, whereas a FIDO2 credential is bound to the site's origin by the browser, so an assertion captured on a look-alike domain will not verify at the real one. Ideally enterprises should take MFA a step further and introduce passwordless authentication as part of a zero-trust program, in which every request is authenticated and authorized regardless of where on the network it comes from. Modern authentication building blocks like risk-based (adaptive) authentication and federated single sign-on through Security Assertion Markup Language (SAML) are also powerful tools for preventing the worst-case scenario after a successful phish: SSO concentrates authentication in one place where strong policy can be enforced, and a risk engine can step up or block sign-ins that look wrong. Each of these components has a role to play in your organization, and the benefits are two-fold: the damage done by a compromised password is minimized (if not eliminated), and systems are in place to analyze authentication attempts and react to compromised credentials in real time.
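The difference between a relayable one-time code and an origin-bound WebAuthn assertion is easiest to see in code. The following is an added example written for this page, not code from the article or from any FIDO2 library: the TOTP side follows RFC 6238 exactly, while the WebAuthn side keeps the real structure (clientDataJSON carrying the origin, authenticatorData carrying the hash of the relying-party ID) but substitutes an HMAC under a shared key for the authenticator's ECDSA signature so that it runs with the standard library alone. The relying party name, the look-alike domain, the credential key, and the challenge values are all constructed.

```python
"""Added example, not from the article: why a relayed one-time code still
logs the attacker in while a relayed WebAuthn assertion is rejected. The
TOTP code follows RFC 6238. The WebAuthn side keeps the real structure
(clientDataJSON with origin, authenticatorData with rpIdHash) but uses HMAC
with a shared key as a stand-in for the authenticator's ECDSA signature so
the demo runs with the standard library only."""
import hashlib
import hmac
import json
import struct

# ---- One-time codes: nothing in the code records where it was typed -------

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 10 ** digits:0{digits}d}"

def relay_otp(secret: bytes, unix_time: int) -> bool:
    """Victim types the code into the phishing page; the attacker submits it
    to the real site five seconds later, inside the same 30-second window."""
    code_typed_on_phish = totp(secret, unix_time)
    return hmac.compare_digest(code_typed_on_phish, totp(secret, unix_time + 5))

# ---- WebAuthn: the browser binds the signature to the page origin ---------

RP_ID = "bank.example"               # constructed relying party the credential belongs to
RP_ORIGIN = "https://bank.example"

def browser_get_assertion(cred_key: bytes, page_origin: str, rp_id: str, challenge: str):
    """What the victim's browser and authenticator produce. The browser, not
    the web page, writes the origin into clientDataJSON; the page cannot lie."""
    client_data = json.dumps({"type": "webauthn.get", "challenge": challenge,
                              "origin": page_origin}, sort_keys=True).encode()
    flags = b"\x01"                                   # UP bit: user presence
    auth_data = hashlib.sha256(rp_id.encode()).digest() + flags + b"\x00\x00\x00\x01"
    to_sign = auth_data + hashlib.sha256(client_data).digest()
    signature = hmac.new(cred_key, to_sign, hashlib.sha256).digest()  # stand-in for ECDSA
    return client_data, auth_data, signature

def rp_verify(cred_key: bytes, challenge: str, client_data: bytes,
              auth_data: bytes, signature: bytes) -> bool:
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get" or cd.get("challenge") != challenge:
        return False                                  # replay or wrong ceremony
    if cd.get("origin") != RP_ORIGIN:
        return False                                  # signed on another site: relay
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False                                  # credential scoped to another rpId
    if not (auth_data[32] & 0x01):
        return False                                  # no user presence
    expected = hmac.new(cred_key, auth_data + hashlib.sha256(client_data).digest(),
                        hashlib.sha256).digest()
    return hmac.compare_digest(signature, expected)

def legitimate_login(cred_key: bytes, challenge: str) -> bool:
    return rp_verify(cred_key, challenge,
                     *browser_get_assertion(cred_key, RP_ORIGIN, RP_ID, challenge))

def relay_webauthn(cred_key: bytes, challenge: str) -> bool:
    """Attacker proxies the real challenge to a look-alike site. In practice
    the browser would not even offer a bank.example credential there; if it
    did, the origin and rpIdHash it records still fail verification."""
    phish = "bank-login.example"                      # constructed look-alike domain
    return rp_verify(cred_key, challenge,
                     *browser_get_assertion(cred_key, "https://" + phish, phish, challenge))

if __name__ == "__main__":
    otp_secret = b"12345678901234567890"             # RFC 6238 test secret
    key = hashlib.sha256(b"constructed credential key").digest()
    print("relayed OTP accepted:     ", relay_otp(otp_secret, 1_700_000_000))  # True
    print("legitimate WebAuthn login:", legitimate_login(key, "nonce-1"))      # True
    print("relayed WebAuthn accepted:", relay_webauthn(key, "nonce-1"))        # False
```

Notice which check defeats the relay: the attacker's proxy can forward the real challenge faithfully, but it cannot change what the victim's browser writes into clientDataJSON, and the signature covers that data. That is the property "phishing-resistant MFA" refers to, and it is absent from any code a user can read off a screen and retype.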
Top anti-phishing tools
A variety of tools are available to help protect your business from the threats that phishing presents to your organization. Half the battle is knowing what solutions are available and how they can help protect your business, and thus your employees and customers.
1. Avanan
Avanan offers anti-phishing software for cloud-hosted email, tying into your email provider through its APIs and training its AI on your historical mail. The service analyzes not just message contents, formatting, and header information, but also the existing relationships between senders and recipients to establish a level of trust.
2. Barracuda Sentinel
Barracuda Sentinel is another tool that leverages mail provider APIs to protect against phishing as well as business email compromise (BEC). Because compromised email accounts tend to lead to more phishing attempts or further account-based attacks, Barracuda's focus on containing the damage from a successful phishing attempt adds value beyond prevention alone. Barracuda also provides brand protection and domain fraud prevention through DMARC analysis and reporting.
3. BrandShield
BrandShield focuses exclusively on protecting your corporate brand and that of your executives. Identifying phishing attacks (through email, social media, or other media) that leverage your brand or the names of your executives is just one component of BrandShield's portfolio. BrandShield also monitors the internet for rogue websites using your brand, as well as marketplaces like Amazon where physical counterfeits of your products could pop up for sale.
4. Cofense PDR
Cofense PDR (Phishing Detection and Response) is a managed service in which AI-based tools and security professionals work in concert to identify and mitigate phishing attacks as they happen. Managed services can be a good option if you need to maximize the level of protection: they can be more effective than even a full-time in-house team, because the managed service's analysts see threat data from all of the enterprise systems they protect.
5. RSA FraudAction
RSA FraudAction anti-phishing service comes from one of the big names in security, and the list of features is what you'd expect from a heavy hitter. Like Cofense's offering, it is a managed service, and RSA brings capabilities such as phishing-site takedown, forensics, and optional countermeasures like responding to phishing attempts with planted credentials in order to track where the stolen credentials are used and respond accordingly.
6. IRONSCALES
IRONSCALES is an email security platform that strengthens your existing email system through dynamic detection and analysis: blocking, flagging, or simply adding a warning banner to suspicious email. IRONSCALES also offers end-user training, focused on email security and general awareness, which helps strengthen your defense against the core of phishing: the social engineering attack.
7. KnowBe4
KnowBe4 boasts one of the biggest names in hacking, Kevin Mitnick, as its Chief Hacking Officer. Many of Mitnick's exploits centered on social engineering, and KnowBe4's business reflects that by focusing on enabling employees to make better decisions through education. In addition to its top-rated awareness training, KnowBe4 offers PhishER, a Security Orchestration, Automation, and Response (SOAR) platform centered on phishing attempts, which lets your security team respond more efficiently to email-based threats to your organization.
8. Mimecast
Mimecast offers several tools for protecting against phishing attempts, including features that detect malicious links and attachments and remove them or render them safe through methods like sandboxing. Because Mimecast opens links, including those behind QR codes, within its own cloud rather than on the endpoint, it can block code-based attacks launched from phishing emails while simplifying deployment and ensuring the prevention tools are always updated to the bleeding edge.
9. Microsoft Defender for Office 365
Microsoft Defender for Office 365 brings capabilities similar to some of the other tools on this list: user training, phishing detection and prevention, forensic and root-cause analysis, and even threat hunting. Because Defender is an add-on for Office 365, it is tightly integrated with no initial integration to configure. Microsoft also offers preset security policies that you can adjust to your needs, supporting strict enforcement, the option for users to override, and tracking of policy changes over time. This service has special advantages for Office 365 customers, and special disadvantages for everyone else.
10. Valimail
Valimail should be of interest even to IT shops with little to no budget. Valimail's DMARC offering walks you through configuring DMARC for your email domains, and then aggregates the XML reports that receivers send and generates daily summaries. Gaining this visibility into email authentication helps you rapidly identify additional senders that may be legitimate (a CRM, a ticketing system, a marketing vendor), add them to your SPF or DKIM configuration, and then ramp up enforcement from p=none through quarantine to reject in order to stop unauthorized mail forging your domain. The best part is that Valimail offers several of its DMARC tools for free. Valimail's other service, Amplify, facilitates implementation of the BIMI standard (Brand Indicators for Message Identification), which displays your corporate logo next to authenticated mail from your domain in supporting mail clients. BIMI depends on the groundwork above: it requires DMARC at an enforcing policy (quarantine or reject), and some mailbox providers, Gmail among them, also require a Verified Mark Certificate (VMC) before the logo is shown. Done properly, BIMI not only adds a layer of sophistication to your email configuration, it enhances trust in mail from your domain both for receiving servers and ultimately the recipient.
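The DMARC reporting that Valimail and Barracuda sell comes down to one task: reading the aggregate (RUA) XML reports receivers send and sorting each source IP into "aligned and passing", "authenticated but not for your domain" (a vendor or forwarder you have not yet authorized, which must be fixed before enforcement), and "unauthenticated" (likely spoofing). The script below is an added example written for this page, not Valimail's or any vendor's code; the report is a constructed sample in the RFC 7489 XML layout, and the domain and IP addresses are placeholders.

```python
"""Added example, not from the article: summarize a DMARC aggregate (RUA)
report so that unknown but legitimate senders surface before enforcement is
tightened. This is the manual version of the reporting the tools above sell.
The report below is a constructed sample in the RFC 7489 XML layout."""
import xml.etree.ElementTree as ET

SAMPLE_REPORT = """<feedback>
  <report_metadata><org_name>mailbox.example</org_name><report_id>1</report_id></report_metadata>
  <policy_published><domain>good.example</domain><p>none</p><adkim>r</adkim><aspf>r</aspf></policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>120</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>good.example</header_from></identifiers>
    <auth_results><dkim><domain>good.example</domain><result>pass</result></dkim>
      <spf><domain>good.example</domain><result>pass</result></spf></auth_results>
  </record>
  <record>
    <row><source_ip>198.51.100.7</source_ip><count>35</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>good.example</header_from></identifiers>
    <auth_results><spf><domain>crm-vendor.example</domain><result>pass</result></spf></auth_results>
  </record>
  <record>
    <row><source_ip>203.0.113.99</source_ip><count>900</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>good.example</header_from></identifiers>
    <auth_results><spf><domain>203-0-113-99.dynamic.example</domain><result>none</result></spf></auth_results>
  </record>
</feedback>"""

def summarize(report_xml: str) -> dict:
    """Bucket each source IP by what DMARC saw: aligned pass, authenticated
    but unaligned (a real service not yet set up for your domain), or nothing."""
    root = ET.fromstring(report_xml)
    published = root.find("policy_published")
    summary = {"domain": published.findtext("domain"), "policy": published.findtext("p"),
               "aligned": 0, "candidate_senders": [], "unauthenticated": []}
    for rec in root.findall("record"):
        row = rec.find("row")
        ip, count = row.findtext("source_ip"), int(row.findtext("count"))
        evaluated = row.find("policy_evaluated")
        if evaluated.findtext("dkim") == "pass" or evaluated.findtext("spf") == "pass":
            summary["aligned"] += count
            continue
        # Raw SPF/DKIM passed for some other domain: a vendor, forwarder or
        # subsidiary sending as you without alignment. Fix before enforcing.
        auth = rec.find("auth_results")
        passing = [r.findtext("domain") for r in (auth if auth is not None else [])
                   if r.findtext("result") == "pass"]
        if passing:
            summary["candidate_senders"].append((ip, passing[0], count))
        else:
            summary["unauthenticated"].append((ip, count))
    return summary

def next_step(summary: dict) -> str:
    """Recommend the next rollout step for the published policy."""
    if summary["candidate_senders"]:
        return "authorize or DKIM-sign the candidate senders before tightening p=" + summary["policy"]
    return {"none": "move to p=quarantine", "quarantine": "move to p=reject"}.get(
        summary["policy"], "hold at p=reject")

if __name__ == "__main__":
    s = summarize(SAMPLE_REPORT)
    print(s)
    print(next_step(s))
```

In the sample, the 900 messages from the dynamic-IP host are the spoofing this whole effort exists to stop, yet the domain is still at p=none, so they were delivered; the 35 messages from the CRM vendor are the reason you cannot simply flip to p=reject today. Real reports arrive as gzip or zip attachments to the rua= mailbox, often hundreds a day, which is where a reporting service earns its keep.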
Copyright © 2022 IDG Communications, Inc.