Businesses are constantly evaluating how to better defend against advanced phishing emails that bypass security perimeters.
A robust multi-layer defence strategy includes evolving internal systems and processes to block unknown phishing threats before they reach a network. More importantly, it must look at how they detect and respond to threats after they penetrate a layer of security.
Customers of all sizes are looking for both alternative solutions and service providers to help them address gaps where current technologies and processes are failing to protect them.
The top influences driving managed phishing defence services for customers today are:
1. The changing face of threat tactics is outpacing the speed of adoption in new technologies.
Blink and the threat landscape has changed again. Costs associated with maintaining staff security expertise and knowledge across the latest technological developments can be difficult to meet. A possible solution lies in using AI to handle all new phishing threats. But it requires programming with built-in intelligence to progressively learn and respond within the surrounding environment.
Service providers research which vendors to go to market with and also have subject matter experts around a set of security solutions. This means customers can reduce staffing overheads and also enjoy best practice programs.
2. With great powers come great responsibilities.
Within a rapidly shifting technology landscape of digitisation, Cloud adoption and migration, on-demand content and availability, managed security service providers (MSSPs) provide a vital service by controlling multiple customer environments and hosting much of their customers’ data. The concept of shared responsibility between a service provider and their customers shifts the risk profile over to the MSSP.
It is effective in stopping data breaches triggered by phishing attacks. Users must be able to recognise such attacks and service providers need to be armed with actionable threat intelligence to rapidly manage an attack. Service providers that apply a multi-layer phishing defence strategy, blending ‘human sensors’ with technology within their own network, will take the same approach with customers.
3. New Government Policies
In recent years, local and global data protection laws have changed with the adoption of the General Data Protection Regulation (GDPR) and the roll-out of the Notifiable Data Breaches Scheme. Organisations that breach regulations face large fines, bad press, loss of customer confidence and damage to brand reputation.
According to an Office of the Australian Information Commissioner (OAIC) quarterly report, healthcare is the most-breached industry sector over the past 12 months. The recent ransomware attack affecting hospitals and healthcare providers in Victoria is a prime example of threats bypassing security controls.
Service providers that keep pace with changing regulations ensure customers are well prepared to handle, store and protect data.
4. Technology alone is not a bulletproof solution
Research and analysis teams at Cofense Labs and Cofense Phishing Defense Centre say current threats include a plethora of phishing campaigns using voice mail, malware such as the Houdini worm, and trusted technologies like Captcha, all of which bypass secure email gateways and end up in user inboxes. Attackers are also targeting the Cloud and popular filesharing services such as SharePoint and OneDrive.
A spear-phishing email initiated a recent breach at the Australian National University (ANU) in Canberra. According to an incident report issued by ANU highlights the evolution of today’s threats where it only requires a user to open an email to commence an attack.
The bottom line: phishing is still the preferred delivery vehicle for malware and triggers many data breaches. Customers need intelligent, comprehensive, end-to-end protection.
Cofense is a leader in intelligent phishing defence solutions, with thousands of enterprise customers worldwide. By partnering with service providers, Cofense is furthering its goal of uniting humanity against phishing by accelerating the adoption of its technology to help organisations become more resilient.
The Cofense phishing defence platformembraces, enables and leverages crowd intelligence on a global scale. Read the Brand Post Series to learn how MSSPs can create new revenue streams with Cofense or download the MSSP Case Study to find out why service providers are partnering with the company.
Contact the Cofense team at firstname.lastname@example.org or visit https://cofense.com/managed-security-service-providers/ to learn more about the MSSP Program.