The Cybersecurity and Infrastructure Security Agency (CISA) leads the national effort to understand, manage, and reduce risk to cyber and physical infrastructure in the United States. It is the operational lead for federal cybersecurity and coordinates the execution of national cyber defense and critical infrastructure security and resilience. Built for collaboration and partnership, CISA looks at the entire threat picture and works with partners across government and industry to defend against threats today and into the future.
Recently CISA released a Phishing Infographic to help protect both organizations and individuals from successful phishing operations. This infographic provides a visual summary of how threat actors execute successful phishing operations.
The process behind phishing.
As highlighted in CISA’s Phishing Infographic, the first step is to select the “bait” that will entice the user to open the email. Usually framed as an urgent call to action, the bait can be a financial or security alert, an organizational announcement, or a user-specific alert such as a training update.
Next, the threat actors set the hook. They need only one user to get past the safety measures for the exploitation to succeed, so to improve their odds they send a vast number of emails. According to CISA, 1 out of every 10 emails sent by its cybersecurity assessors had a user execute a malicious attachment or interact with a malicious link.
The last step is for the threat actors to reel in their “catch”. When an email reaches its intended victim without being blocked by network controls or recognized by the user, the threat actors can “feast” on sensitive information and credentials, or compromise systems outright. In tests run by CISA cybersecurity assessors, they found the following:
70% of all attached files or links containing malware were not blocked by network protection services, like a firewall.
15% of all malicious attachments or links were not blocked by endpoint protections.
84% of employees took the bait within the first 10 minutes, either by replying with sensitive information or by interacting with a spoofed link or attachment.
How to prevent being “hooked” in a phishing attack.
1.) Block the “bait”.
• Implement strong network border protections as an initial barrier to reduce the opportunity for successful phishing attempts.
• Configure email services to use protocols designed to verify the legitimacy of email communications, namely SPF, DKIM, and DMARC.
• Incorporate deny lists or cyber threat intelligence feeds into firewall rules to block known malicious domains, URLs, and IP addresses.
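As an added example (not part of the CISA infographic or this page), the following Python script shows what the protocols that “verify the legitimacy of email” actually decide: it evaluates SPF for the sending IP against the MAIL FROM domain, then applies DMARC identifier alignment and the published policy to a message whose From header claims your domain. Every DNS record, domain and IP address in it is a constructed stand-in for a live lookup; the two-label organizational-domain shortcut and the DKIM result being supplied as an input (rather than verified) are assumptions noted in the code.

```python
"""Offline SPF + DMARC evaluation against constructed DNS records (added example)."""
import ipaddress

# Constructed TXT records standing in for live DNS lookups. All names, addresses
# and policies below are made up for this example.
DNS_TXT = {
    "example.com": ["v=spf1 ip4:192.0.2.0/24 include:_spf.mailhost.example -all"],
    "_spf.mailhost.example": ["v=spf1 ip4:198.51.100.10 ~all"],
    "_dmarc.example.com": ["v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@example.com"],
    "attacker.net": ["v=spf1 ip4:203.0.113.0/24 -all"],
    "_dmarc.attacker.net": ["v=DMARC1; p=none"],
}

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_txt(name):
    return DNS_TXT.get(name.lower(), [])


def spf_check(domain, client_ip, depth=0):
    """Evaluate the sending IP against the domain's SPF record (RFC 7208 subset:
    ip4, ip6, include and all; a/mx/ptr/exists need DNS and are skipped here)."""
    if depth > 10:                      # RFC 7208 caps DNS-querying mechanisms at 10
        return "permerror"
    addr = ipaddress.ip_address(client_ip)
    records = [r for r in lookup_txt(domain) if r.lower().startswith("v=spf1")]
    if not records:
        return "none"
    if len(records) > 1:                # RFC 7208: multiple records are a permanent error
        return "permerror"
    for term in records[0].split()[1:]:
        qualifier = "+"                 # no qualifier means pass on match
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech in ("ip4", "ip6"):
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif mech == "include":         # include matches only if the referenced record passes
            matched = spf_check(arg, client_ip, depth + 1) == "pass"
        elif mech == "all":
            matched = True
        else:
            continue
        if matched:
            return QUALIFIER_RESULT[qualifier]
    return "neutral"                    # no mechanism matched


def org_domain(domain):
    """Organizational domain for relaxed alignment. Assumption: the last two labels;
    production code must use the Public Suffix List (co.uk and similar)."""
    return ".".join(domain.lower().split(".")[-2:])


def dmarc_record(from_domain):
    """DMARC tags for the RFC5322.From domain, falling back to its organizational
    domain as RFC 7489 section 6.6.3 requires."""
    for name in (from_domain, org_domain(from_domain)):
        for r in lookup_txt("_dmarc." + name):
            if r.startswith("v=DMARC1"):
                pairs = (kv.strip().split("=", 1) for kv in r.split(";") if "=" in kv)
                return {k.strip().lower(): v.strip() for k, v in pairs}
    return None


def aligned(from_domain, auth_domain, mode):
    """Identifier alignment: strict ('s') needs an exact match, relaxed ('r')
    only a shared organizational domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def dmarc_evaluate(from_domain, mail_from_domain, client_ip, dkim_domain=None, dkim_pass=False):
    """Combine SPF and DKIM with alignment and return (verdict, action).
    DKIM signature verification is out of scope; its result is an input."""
    tags = dmarc_record(from_domain)
    if tags is None:
        return "none", "deliver"
    spf_ok = (spf_check(mail_from_domain, client_ip) == "pass"
              and aligned(from_domain, mail_from_domain, tags.get("aspf", "r")))
    dkim_ok = bool(dkim_pass and dkim_domain
                   and aligned(from_domain, dkim_domain, tags.get("adkim", "r")))
    if spf_ok or dkim_ok:
        return "pass", "deliver"
    action = {"reject": "reject", "quarantine": "quarantine"}.get(tags.get("p", "none"), "deliver")
    return "fail", action


if __name__ == "__main__":
    cases = [
        ("legit, sent from the published range", ("example.com", "example.com", "192.0.2.25")),
        ("legit, sent via the included relay", ("example.com", "example.com", "198.51.100.10")),
        ("spoof: SPF passes for the attacker's MAIL FROM but is not aligned",
         ("example.com", "attacker.net", "203.0.113.5")),
        ("subdomain From signed with d=example.com under strict adkim",
         ("news.example.com", "bounce.mailhost.example", "198.51.100.10", "example.com", True)),
    ]
    for label, args in cases:
        print(f"{label}: {dmarc_evaluate(*args)}")
```

The third case is the one that matters for phishing: the attacker’s mail server passes SPF for its own domain, but because that domain is not aligned with the From header the message fails DMARC and the p=reject policy tells the receiver to refuse it. Without a published policy (the attacker.net record with p=none) the same failure would still be delivered, which is why publishing p=reject for your own domain is part of “blocking the bait”.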
2.) Don’t take the “bait”.
• Educate your organization’s employees so they can recognize common indicators of phishing and suspicious emails.
• Support ongoing training programs that teach employees to keep their guard up on all communications platforms including social media.
3.) Report the “hook”.
• Have a policy to report suspicious communications for security review.
• When employees report malicious communication, have incident responders analyze the threat to help prevent additional system compromise and future attacks.
4.) Protect the “waters”.
• Enforce phishing-resistant multi-factor authentication (MFA).
• Have a data governance plan. Review and reduce the number of accounts with access to critical data and devices.
• Restrict administrative password sharing and re-use. Remove non-essential elevated privileges from users to reduce opportunities for privilege escalation.
• Add protections at endpoints as the last line of defense between users and threat actors, including:
• Automate mandatory security updates for browsers, applications, software, and antivirus on all internet-accessible end user devices.
• Implement software restriction policies to allow only software necessary for business purposes on end user devices.
• Implement an endpoint detection and response (EDR) solution to further monitor for and block malicious activity on end user devices.
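The review step in section 3 (incident responders analyzing what employees report) and the deny lists in section 1 can be exercised together with a small triage script. This is an added example, not code from CISA or from this page: it parses a constructed reported email with the Python standard library, pulls out the sender, Reply-To, subject and links, and checks them against a constructed deny list and lookalike-domain heuristics. The defended domain example.com, the deny-list entries, the homoglyph table and both sample messages are made up for the example.

```python
"""Triage of a user-reported phishing email: header and URL indicators checked
offline against a deny list and the organization's own domains (added example)."""
import email
import email.utils
import re
from email import policy
from urllib.parse import urlparse

ORG_DOMAINS = {"example.com"}                                # assumption: the defended domains
DENY_LIST = {"login-verify.example.net", "203.0.113.77"}    # constructed threat-feed entries
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
URGENCY_RE = re.compile(r"\b(urgent|immediately|expires?|suspended|verify|action required)\b", re.I)

# Constructed report: lookalike sender, mismatched Reply-To, urgency lure, deny-listed links.
RAW_REPORT = b"""From: "IT Helpdesk" <helpdesk@examp1e.com>
Reply-To: attacker@mailbox.example.net
To: alice@example.com
Subject: URGENT: password expires in 24 hours
Content-Type: text/html

<p>Your password expires today. <a href="https://login-verify.example.net/sso?u=alice">Reset now</a></p>
<p>Or visit http://203.0.113.77/reset</p>
"""

# Constructed benign message from a colleague, linking to an internal host.
RAW_BENIGN = b"""From: bob@example.com
To: alice@example.com
Subject: lunch menu

See you at noon: http://intranet.example.com/menu
"""


def levenshtein(a, b):
    """Edit distance, used to flag typosquatted domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize(host):
    """Fold common homoglyph substitutions so examp1e.com compares equal to example.com."""
    for fake, real in (("rn", "m"), ("vv", "w"), ("1", "l"), ("0", "o")):
        host = host.replace(fake, real)
    return host


def lookalike(host):
    """Return the organizational domain a host imitates, or None.
    Our own domains and their real subdomains are never lookalikes."""
    host = host.lower()
    if any(host == org or host.endswith("." + org) for org in ORG_DOMAINS):
        return None
    for org in ORG_DOMAINS:
        if normalize(host) == org or levenshtein(host, org) <= 2:
            return org
    return None


def addr_domain(header_value):
    """Domain part of an address header, or None if the header is absent."""
    _, addr = email.utils.parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower() or None


def triage(raw_bytes):
    """Parse a reported message and return a verdict with the indicators found."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    from_dom = addr_domain(msg["From"])
    reply_dom = addr_domain(msg["Reply-To"])
    if from_dom and lookalike(from_dom):
        findings.append(f"lookalike sender domain: {from_dom}")
    if reply_dom and reply_dom != from_dom:          # replies silently redirected elsewhere
        findings.append(f"reply-to domain differs from sender: {reply_dom}")
    if URGENCY_RE.search(str(msg["Subject"] or "")):
        findings.append("urgency lure in subject")
    body = "".join(part.get_content() for part in msg.walk()
                   if part.get_content_type() in ("text/plain", "text/html"))
    urls = URL_RE.findall(body)
    for url in urls:
        host = (urlparse(url).hostname or "").lower()
        if host in DENY_LIST:
            findings.append(f"deny-listed URL host: {host}")
        elif lookalike(host):
            findings.append(f"lookalike URL host: {host}")
    hard = any(f.startswith(("deny-listed", "lookalike")) for f in findings)
    verdict = "malicious" if hard else "suspicious" if findings else "benign"
    return {"verdict": verdict, "findings": findings, "urls": urls}


if __name__ == "__main__":
    for name, raw in (("reported", RAW_REPORT), ("benign", RAW_BENIGN)):
        result = triage(raw)
        print(f"{name}: {result['verdict']}")
        for finding in result["findings"]:
            print("  -", finding)
```

In practice the hosts this script extracts are what get fed back into the deny list from section 1, so a single employee report blocks the same lure for everyone else; the lookalike heuristic is deliberately loose (two edits or a homoglyph fold) and should be tuned against your own domain list to keep false positives down.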
Contact BridgeheadIT For A Security Assessment
Our team of cybersecurity experts will handle everything from employee security training and ransomware negotiations to Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) service deployments, alongside Managed Detection and Response (MDR) services. We conduct holistic security assessments to build a plan of action and bring your technology infrastructure to its maximum potential without compromising security.
Schedule a confidential meeting to discuss your cybersecurity needs and how we can improve your posture with layered security solutions.
WHAT IS PHISHING?
It is a form of social engineering in which a cyber threat actor poses as a trustworthy colleague, acquaintance, or organization to lure a victim into providing sensitive information or network access.
The best protection your business can achieve is a layered approach. Ordinary anti-virus (AV) software on its own will not protect your business from cyberattacks.
Total Technology Solutions For Your Business
Our services are engineered to meet the specific objectives of each client. That starts with having the right people, who are experts in their field to develop solutions that support our clients.
Thoughtful solutions, not quick fixes.