Guest post by Steven Forsyth, ArcSight Product Manager
Phishing is the initial toehold of so many newsworthy breaches
No matter how hard you educate your employees not to click on weird-looking links in phishing or fake emails, there are always a few who just can’t seem to stop themselves. To be fair, with the rapid pace of our work days, and the sophistication of the look and wording of phishing emails, it’s crazy to expect 100% perfection or discipline from employees dealing with phishing emails. At the end of the day, you can’t rely on your employees being the last line of defense for phishing protection.
Fun Fact: Fake invoices are the most popular bait
According to Verizon’s 2017 Data Breach Investigations Report, 66% of malware deployed during 2016 arrived via email attachments. The graph below from the Symantec 2017 ISTR (Internet Security Threat Report) helps us take a deeper look at the attackers’ tactics, highlighting the most popular clicked-on keywords used in subject lines. Fake invoices are still the most popular bait, though other lures are certainly finding success.
As phishing continues to be successful, campaign sophistication grows
The latest and more sophisticated attacks are “spear” phishing campaigns which target your vertical, your company, or your most powerful users. When they target your C-Suite, they’re on a whaling campaign. We could go on and on with data and real-world examples. Refer to the sources I’ve referenced if you are looking for more details. There is also a long set of examples in this article, “What Phishing and Email Scams Look Like”.
The real question is, what to do?
We recommend a three-pronged approach in your battle against phishing campaigns:
- Education: While education alone won’t give you 100% success, it is foundational. You should be sure to continually test your success rate with simulations.
- Technical Defense: Install an email defense point solution. For example, McAfee and Trend Micro provide endpoint and gateway products that can identify malicious emails.
- Defense in Depth through Monitoring: Use email defense monitoring to feed your email defense systems into your security information and event management (SIEM) platform and monitor them there.
ArcSight has simplified monitoring phishing activity from your SIEM
If you are using ArcSight Enterprise Security Manager, a comprehensive threat detection, analysis, triage, and compliance management SIEM platform, check out the newly released Activate Malware Email Monitoring solution to quickly implement the third prong. The package comes with over 20 pre-made use cases, including coverage for spear phishing attempts against your most sensitive users. Out of the box, the solution integrates with McAfee Security for Exchange, Trend Micro ScanMail, and Trend Micro Interscan Messaging Security. As with any Activate solution, other email defense products can be plugged into the use cases with the development of a few simple product package filters.
It’s never been easier to install ArcSight SIEM content