Phishing is one of the most common ways that cybercriminals gain initial access to networks. A single response to a phishing email can be all it takes to compromise an entire network. These attacks can be incredibly costly. According to the 2024 Cost of a Data Breach Report from IBM, the average cost of a data breach that starts with phishing has risen to $4.88 million. According to the Federal Bureau of Investigation (FBI), phishing was the leading reason for reports of cybercrime to its Internet Crime Complaint Center in 2023.
The best way to gain access to an internal network is to ask someone with access (an employee) to provide that access. That is essentially what phishing is about. Phishing involves deception to gain access, tricking employees into disclosing their credentials or installing software that provides remote access, such as malware or a remote desktop solution. Social engineering techniques are used to convince the employee to take an action that benefits the attacker. That action may be required to fix a problem, such as preventing an avoidable charge to an account, correcting a security issue before it is exploited, or recovering a missing package.
Phishing often involves the impersonation of a trusted entity, which could be the CEO, HR department, colleague, vendor, lawyer, government entity, or a trusted business. Emails may impersonate a trusted individual or company, provide a plausible reason for clicking a link in an email or opening a file attachment. When links are included in emails, they often direct the user to a website that requires them to log in. The log-in box presented will be familiar as it will be a carbon copy of the brand that is being spoofed. When the credentials are entered, they are captured and used to remotely log into that user’s account. Alternatively, they may be directed to a web page and told they must download and open a file, which unbeknown to them, contains a malicious script that silently installs malware.
Phishing targets human weaknesses so one of the best solutions for combatting phishing is end user training. Training the workforce on how to identify a phishing attempt and providing an easy way for them to report potential phishing attempts is vital. Security awareness training should cover cyber threats and how to identify and avoid them, as well as teach cybersecurity best practices and why they are important. If a threat actor can get phishing content in front of an employee, whether that is via email, SMS message, social media, an instant messaging platform, or over the phone, they will be more likely to recognize that threat for what it is and take the appropriate action. Security awareness training is about strengthening your defensive line.
Training can be provided in a one-time training session, but that is unlikely to be effective. If your child wants to drive, you would not pay for a 1-hour lesson and expect them to pass their driving test. Multiple lessons are required along with a lot of practice, and as experience builds, they will become a better driver and learn how to react to situations they have not seen before. It is the same with security awareness training. Providing training frequently will build knowledge and understanding and that knowledge can then be tested and employees given practice at recognizing phishing attempts by using a phishing simulator.
The best defense against phishing is to ensure that no phishing attempt ever reaches an end user; however, in practice that is a major challenge. The aim should be to make it as difficult as possible for attackers to reach end users by implementing technical solutions that can recognize phishing attempts and block them before they are delivered. The primary technical defense is anti-spam software.
Anti-spam software can be provided as a cloud-based anti-spam service or an anti-spam gateway for on-premises email systems, through which all inbound and outbound emails must pass. A spam filter for incoming mail is essential for blocking the majority of phishing threats, but an outbound spam filter is also important for identifying phishing attempts from compromised internal mailboxes.
An anti-spam server must be capable of identifying and blocking malware threats. Spam filters include anti-virus software that scans for known malware signatures, but that is no longer enough. Malware is constantly changing and can easily defeat signature-based detection measures, so email sandboxing is also required. Sandboxing uses pattern filtering and behavioral analysis in a safe environment to identify malware by what it attempts to do. Since phishing attempts are becoming more sophisticated, often not including any malicious content in the emails – such as callback phishing – an anti-spam solution should have AI and machine learning capabilities, to predict phishing attempts by how they deviate from the standard messages received by a business.
Technical defenses will reduce the number of threats that employees encounter, and security awareness training will prepare the workforce in case a threat is not blocked. Further technical defenses should also be considered to combat phishing. Multifactor authentication is important for preventing unauthorized access in the event of an employee disclosing their credentials. With multifactor authentication, a username and password are not enough to grant access to an account. Since multifactor authentication can be circumvented with some of the more advanced phishing kits used by cybercriminals, robust MFA is required, often referred to as phishing-resistant MFA.
No single anti-phishing measure is sufficient on its own. Layered defenses are key to mounting a good defense against phishing, and this is an area where TitanHQ can help. TitanHQ can offer cutting-edge anti-spam software (SpamTitan) that has been shown to block 100% of known malware and, through sandboxing, block novel malware threats, and has a phishing and spam detection rate of over 99.99%. To block phishing threats in Microsoft 365 environments and to help security teams with remediation, TitanHQ offers the PhishTitan solution, and security awareness training and phishing simulations can be created and automated with the SafeTitan platform.
Give the TitanHQ team a call today to find out more about these anti-phishing measures and the team will help you with improving your defenses and getting started on a free trial of these solutions.