CyberCX Unmasks China-linked AI Disinformation Capability on X → 

Cyber Security Month: How to protect your organization from phishing attacks

Introduction to Cyber Security, Phishing Threats, Security Education

#CyberSecMonth 2022

Phishing

Cyber Security Month 2022

The European Cybersecurity Month is turning 10! For the 10th consecutive year the European Union Agency for Cybersecurity (ENISA) is partnering with the Commission and Member States in carrying out #CyberSecMonth: the EU’s annual campaign dedicated to promoting cybersecurity among EU citizens and organizations and providing up-to-date online security information through awareness raising activities and sharing of good practices.

The themes for this year’s Cybersecurity Month are: Phishing and Ransomware

Phishing attacks and scams have thrived since the COVID pandemic began in 2020 and today, phishing attacks account for more than 80 percent of reported security incidents.

Phishing is a type of social engineering attack in which users are contacted by email, telephone or text message by someone posing to be from a legitimate institution to lure individuals into providing sensitive data. Attacks can install malware (such as ransomware), sabotage systems, or steal intellectual property and money.

Phishing emails can hit an organization of any size and type. It could be a mass campaign or a targeted attack against your organization, where the aim could be something much more specific, like the theft of sensitive data. In a targeted campaign, the attacker may use information about your employees or company to make their messages even more persuasive and realistic. This is usually referred to as spear phishing.

1. Filter or block incoming emails

Improve your resilience against phishing attacks by blocking emails before they reach your employees

2. Educate employees

Provide your employees with training so they are able to identify and report suspected phishing emails

3. Have an incident response plan

Minimise the damage and return to business as usual quickly and efficiently with an incident response plan

1. Filter or block incoming emails

Filtering or blocking an email before it reaches your employees will obviously reduce the probability of a phishing incident and it also reduces the amount of time your employees need to spend checking and reporting emails. Your filtering/blocking service might be a cloud-based email provider’s built-in service, or a bespoke service for your own email server.

If you use a cloud-based email provider you should check that the filtering/blocking service is adequate for your needs, and that it is switched on by default for all your users. If you host your own email server make sure that a proven filtering/blocking service is in place. This can be implemented locally and/or purchased as a cloud-based service. Again, ensure that it is switched on by default for all your users.

Filtering services usually send email to spam/junk folders, whereas blocking services means the email is blocked completely. The rules determining blocking or filtering need to be adjusted for your organization to make sure you have the right balance in place. Filtering all suspicious emails to spam/junk folders might mean users have a lot of emails to manage and this could mean they are more likely to click a phishing email however if you block all suspicious emails then some genuine emails may never get through. You will need to ensure you have the right rules in place for your organization and that they are regularly reviewed.

Email can be filtered or blocked using a variety of techniques including: IP addresses, domain names, email address white/black list, public spam and open relay black lists, attachment types, and malware detection.

2. Educate employees to identify and report suspected phishing emails

Recognising fraudulent emails and phishing scams is not easy so it’s important that you educate your employees on why phishing is harmful and empower them to detect and report phishing attempts.

Depending on your organization’s culture and size this can be delivered via a written document, videos or in person training, or a combination of the above.

Simulated phishing campaigns reinforce employee training and help to understand your risk and improve workforce resiliency. Your organization can then monitor the results to understand which attack types were most successful or if any departments were more susceptible to allow you to strengthen your phishing awareness training and add additional training where it is needed.

Customer-facing departments may receive high volumes of unsolicited emails so may be a greater risk. In addition, employees authorised to access sensitive information, manage financial assets, or administer IT systems will be of greater interest to an attacker and therefore may be the target of a sophisticated spear phishing campaign. Ensure these more exposed employees are aware of the risks and offer them additional support.

Creating the ability for users to report phishing attempts (including ones that that are clicked on) gives you vital information about what types of phishing attacks are being used. You can also learn what type of emails are getting mistaken for phishing, and what impact this might be having on your organization.

3. Have an incident response plan

It’s not possible to stop all attacks and all organizations will experience security incidents at some point. So it’s important to make sure your organization can respond to them quickly and effectively.

A good incident response plan will reduce the impact when an incident does happen. Being able to detect and quickly respond to incidents will help to prevent further damage, reducing the financial and operational impact. Knowing how to respond and manage external communications around the incident will help to reduce the reputational impact. After an incident has happened it is important to then update your response plan with any new learnings to ensure that you are more prepared in the future.

  • What information needs to be protected and where is it stored?
  • Who owns the data and has responsibility for managing it?
  • Do you have sufficient IT resources to respond to an attack or do you need to consider third-party support?
  • Do you have executive buy-in from the top of the organization?
  • Have all stakeholders been assigned roles and responsibilities? This is likely to include your IT security team, but will also include legal, HR and Public Relations, as well as suppliers and vendors.
  • Is your incident response plan linked to disaster recovery, business continuity and crisis management plans, and supported with the relevant capabilities?
  • What is the chain of command that includes both IT and organization leaders?
  • Establish your criteria for escalation to senior management and what needs to happen for you to scale up your response?
  • What is the incident response workflow among different stakeholders and departments ?
  • Do you have 24/7 contact information for all incident response team members, their backups, and managers, as well as alternative channels of communication if regular channels are compromised or unavailable?
  • Do you have an up-to-date list of preferred suppliers for forensics, hardware replacement, and related services that might be needed before, during or after an incident.
  • Do your employees know how to report suspicious emails and activities?
  • Do you have a comprehensive and integrated communications plan to inform both internal and external audiences on incidents in a fast and effective way?

Practising response plans ensures your employees know how to respond during an incident, are clear on roles and responsibilities and can also highlight any problem areas in your planned response. Develop and regularly conduct tabletop exercises to evaluate and test your incident response plan and ensure there are no gaps.

Update your response plans

You should always update your response plans after every incident; or if there is a change in your team structure. Use the incident to improve on the security of your organization. If you can understand how the incident happened then you can potentially put new measures in place to prevent something similar happening again.

How can CyberCX help?

CyberCX provides organization-wide education and training support, backed by years of experience in learning and development. Find out about our simple, effective and measurable phishing training with our own Phriendly Phishing product, to build your workforce’s resilience against the most effective contemporary hacking technique, phishing.

Phriendly Phishing aims to create long-lasting learning and enhance the performance of both employees and organizations. Unlike other solutions, Phriendly Phishing provides learning that is continuously practised, tested and measured, all within a zero-touch automation learning path.

Ready to get started?

Find out how CyberCX can help your organization manage risk, respond to incidents and build cyber resilience.