In phishing defense, technology forms a net to catch bad emails. But recent data confirms that all nets have holes.
Research from the Cofense Phishing Defense Center™ shows the following:
- Over 31,000 phishing emails were verified as live threats in business environments during a six-month period (October 2018-March 2019)
- Nearly 75 percent of these verified phishing emails were designed to harvest credentials
- 91.2 percent of credential phishing attacks were found in environments with one or more secure email gateways
These statistics are alarming: 9 out of 10 credential phish verified by Cofense™ had made it past an email gateway.
That’s a big hole.
Attackers are barraging businesses with phishing emails, ambushing users as the primary enabler to seize credentials, compromise internal systems, and trigger data breaches.
There are other reasons to enlist users to help battle phishing threats. The rise and tightening of local and global data protection laws, together with the convenience of cloud adoption and cloud migration, have opened up a new set of security risks, including novel phishing attacks. Have your customers heard of the Zombie Phish? Do they know how file-sharing services are increasingly being abused? If the answer is yes, do they have the tools and a trained eye to spot and report the latest threats?
However, the most urgent reason is simply that technology can’t keep pace with attackers’ innovations.
Organisations must not rely on technology alone as the main prevention method. According to IDC, the value of human intelligence is pivotal in a phishing defence strategy. The challenge for many service providers is how they can help their customers better prepare themselves against stealthy threats that swim through a defence wall built only from technology.
Humans Can Plug the Gaps
Managed Security Service Providers (MSSPs) can help their customers be better prepared when they harness human intuition.
Here’s the proof: every one of those 31,000 phishing emails Cofense verified was reported by a user. Humans are sensors who can see, feel and put things into context: would my CEO really send me a direct email asking me to log into SharePoint to check a bonus payment?
MSSPs can play a fundamental role in facilitating user education through a progressive training program, teaching users to recognize a phishing email and giving them an easy way to report it. When MSSPs also equip their security operations teams with tools to sift through the noise and respond quickly to real threats, they ultimately scale human intuition to stop attacks cold.
A Few Best Practices
Customers must take advantage of the users who sit at the company’s frontline. It’s smart to run a phishing awareness program that stresses the importance of identifying a phishing email and reporting it, not just resisting the lure. MSSPs can promote the idea that users are valuable sources of threat intelligence by rating the accuracy of each user from the emails they report, and they can increase the complexity of the simulation program once the click rate is close to zero, to ensure users have not plateaued in their training. The SOC team then has increased confidence that the intelligence it receives comes from reliable reporters with trained eyes, and it can take immediate action on the data collected from the frontline.
Next, automate email analysis and response to the point where human experts can make an informed decision based on the intelligence gathered. If the threat is real, what actions should be taken? Who else has been targeted with the same phishing email? In addition, it is important for MSSPs to be able to find and quarantine the phishing emails that users DON’T report, quickly, before credentials are stolen or other damage occurs.
Transform the behaviour and culture of a customer. Through experiential learning, MSSPs can teach customers how to identify and respond to a phishing email, reducing their susceptibility to a phishing attack. It’s a balance of humans and machines, drawing upon each one’s strengths. Technology speeds up repeatable tasks like sifting through piles of reported emails. Human intuition knows to report an email that appears dubious, and human experience and intelligence then make the right mitigation decisions.
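As an added illustration of the two practices above (rating reporters, and finding who else received a verified phish that nobody reported), here is a small Python example written for this page. It is not Cofense code and does not model any Cofense product; the gateway log, the user reports, the 0.5 score for reporters with no history and the campaign-key normalisation rule are all assumptions, and the data is constructed.

```python
"""Turn user phish reports into triage priority and campaign scope.

Added example, not Cofense code. A reporter's past accuracy ranks the
triage queue, and a normalised campaign key finds copies of a verified
phish that reached users who never reported it, so the SOC can pull
them before credentials are entered. All data below is constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional
import re
from urllib.parse import urlparse


@dataclass(frozen=True)
class Delivered:
    """One delivered message from the gateway log (constructed sample)."""
    message_id: str
    recipient: str
    sender: str
    subject: str
    url: str


@dataclass(frozen=True)
class Report:
    """A user report and the SOC verdict; verdict is None until triaged."""
    reporter: str
    message_id: str
    verdict: Optional[str]   # "malicious", "benign" or None


# Constructed gateway delivery log: one lookalike-domain "CEO bonus" campaign
# (m1, m5, m6, m7) mixed with ordinary mail. Only m6 is never reported.
MAIL_LOG = [
    Delivered("m1", "alice@corp.example", "ceo@corp-example.co",
              "Bonus payment 2019 - action required", "https://share.example.net/bonus/1"),
    Delivered("m2", "alice@corp.example", "it@corp.example",
              "Password expires in 3 days", "https://login.example.net/reset"),
    Delivered("m3", "bob@corp.example", "newsletter@vendor.example",
              "Weekly digest", "https://vendor.example/news"),
    Delivered("m4", "bob@corp.example", "hr@corp.example",
              "Holiday schedule", "https://intranet.corp.example/hr"),
    Delivered("m5", "carol@corp.example", "ceo@corp-example.co",
              "Bonus payment 2019 - action required", "https://share.example.net/bonus/7"),
    Delivered("m6", "dave@corp.example", "ceo@corp-example.co",
              "Bonus payment 2020 - action required", "https://share.example.net/bonus/9"),
    Delivered("m7", "erin@corp.example", "ceo@corp-example.co",
              "Bonus payment 2019 - action required", "https://share.example.net/bonus/3"),
    Delivered("m8", "alice@corp.example", "billing@supplier.example",
              "Invoice overdue", "https://pay.supplier.example/inv/42"),
    Delivered("m9", "bob@corp.example", "facilities@corp.example",
              "Parking reminder", "https://intranet.corp.example/parking"),
]

# Constructed user reports with SOC verdicts; None means still in the queue.
REPORTS = [
    Report("alice@corp.example", "m1", "malicious"),
    Report("alice@corp.example", "m2", "malicious"),
    Report("bob@corp.example", "m3", "benign"),
    Report("bob@corp.example", "m4", "benign"),
    Report("carol@corp.example", "m5", "malicious"),
    Report("erin@corp.example", "m7", None),
    Report("alice@corp.example", "m8", None),
    Report("bob@corp.example", "m9", None),
]


def reporter_accuracy(reports):
    """Fraction of each reporter's triaged reports confirmed malicious.
    Reporters with nothing triaged yet are absent from the result."""
    hits = defaultdict(int)
    total = defaultdict(int)
    for r in reports:
        if r.verdict is None:
            continue
        total[r.reporter] += 1
        hits[r.reporter] += r.verdict == "malicious"
    return {name: hits[name] / total[name] for name in total}


def prioritize_queue(reports, unknown_score=0.5):
    """Untriaged reports, most reliable reporter first; unknown reporters
    get the assumed neutral score so they are neither trusted nor ignored."""
    accuracy = reporter_accuracy(reports)
    pending = [r for r in reports if r.verdict is None]
    return sorted(pending, key=lambda r: (-accuracy.get(r.reporter, unknown_score), r.message_id))


def campaign_key(msg):
    """Normalise the fields a campaign keeps constant: sender domain, subject
    with digits collapsed, and the lure hostname (assumed rule)."""
    sender_domain = msg.sender.rsplit("@", 1)[-1].lower()
    subject = re.sub(r"\s+", " ", re.sub(r"\d+", "#", msg.subject.lower())).strip()
    host = (urlparse(msg.url).hostname or "").lower()
    return (sender_domain, subject, host)


def unreported_copies(log, reports, verified_id):
    """Copies of a verified phish delivered to users who did not report them:
    the quarantine candidates the SOC would otherwise never see."""
    by_id = {m.message_id: m for m in log}
    key = campaign_key(by_id[verified_id])
    reported = {(r.reporter, r.message_id) for r in reports}
    return sorted((m.message_id, m.recipient) for m in log
                  if campaign_key(m) == key and (m.recipient, m.message_id) not in reported)


if __name__ == "__main__":
    print("reporter accuracy:", reporter_accuracy(REPORTS))
    print("triage order:", [(r.reporter, r.message_id) for r in prioritize_queue(REPORTS)])
    print("quarantine (unreported copies of m1):", unreported_copies(MAIL_LOG, REPORTS, "m1"))
```

With the constructed data, alice (2 of 2 confirmed) is ranked ahead of erin (no history) and bob (0 of 2), and the copy sent to dave, who never reported it, is the only one that surfaces for quarantine even though its subject carries a different year. Whatever a real pipeline uses for the campaign key, the check that matters is that the key survives the small per-recipient variations attackers introduce (numbers, unique URL paths) without merging unrelated mail.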
How Cofense Can Help MSSPs
- Since most phishing emails are sent to gather credentials, MSSPs can protect their customers’ keys to the kingdom by conditioning users to be resilient with Cofense PhishMe™. With so many phish wiggling past email gateways, Cofense can help MSSPs remove the blind spot and give visibility into attacks with Cofense Reporter™.
- Cofense provides MSSPs with the tools to turn their customers’ user reports into valuable intelligence with Cofense Triage™ and to quarantine threats quickly using Cofense Vision™.
- Attackers do their research, so we must too. MSSPs can perform their research using a free tool called Cofense CloudSeeker™. Every SaaS platform used by an MSSP or its customers is an opportunity for attackers to exploit. MSSPs can learn which SaaS applications are configured within a customer’s domain, uncovering applications provisioned without the service provider’s knowledge and the potential risks they introduce into the customer’s environment.
- The Cofense Managed Security Service Provider (MSSP) Program can help service providers unite all their customers in the fight against phishing. Read our Brand Post Series to learn how to create a new revenue stream by offering an intelligent phishing defence program.
Contact the Cofense team at email@example.com or visit https://cofense.com/managed-security-service-providers/ to learn more about the MSSP Program.
All third-party trademarks referenced by Cofense whether in logo form, name form or product form, or otherwise, remain the property of their respective holders, and use of these trademarks in no way indicates any relationship between Cofense and the holders of the trademarks.