by Tonia Dudley, Security Solution Advisor, Cofense
In a recent 60 Minutes interview, Tesla founder Elon Musk said, “Humans are underrated.” His company had just boosted production by creating an extra assembly line, a makeshift affair in a parking lot, powered by people more than machines. The human factor made the critical difference. Which brings us to phishing attacks. Companies are seeking faster, more efficient phishing response.CofenseTM has spent years training users how to identify a malicious email, plus we’ve given them an “easy button” to report the message. But now what? We’ve overwhelmed our security operations teams with a flood of emails that contain anywhere from 10 to 15 percent of potential threats to the organization. And while it’s true that our phishing defense solutions make use of automation, customers, prospects, and the marketplace at large are showing a keen interest in human expertise. They mainly want results, of course—whatever stops phishing attacks in minutes, not hours or days, without blowing through human resources, time, or budget dollars. Following are two examples of how businesses are succeeding.
This company stopped a phishing attack in 19 minutes. When they got an email from their CEO, employees of a leading healthcare company took heed. Except the CEO hadn’t sent it. A crafty phisher had. The email asked employees to click on a link, taking them to a website to confirm their agreement with corporate policy. First, though, they had to log in with their network credentials. The attacker aimed to harvest passwords, gain file system access, and reroute electronic payroll deposits. And the attacker almost succeeded. Many employees took the bait. The email was extremely convincing, using the company’s logo and echoing language from its website. Fortunately, other employees remembered their security awareness training—the human factor at work on the front end of phishing defense—and reported the email within a minute of the attack. Those reports went directly to the Cofense Phishing Defense Center (PDC), which provides 24/7 monitoring and response— the human factor on the backend, where response cues mitigation. Theemailsunderwent automated analysis before being vetted by the PDC team. Within a couple of minutes, they verified the attack. The attacker “had really done his homework,” the healthcare company’s VP of Information Security would later say. “The email looked and sounded exactly as though our CEO had sent it.” Itwasasophisticatedtwist on business email compromise (BEC), which according to the FBI defrauds businesses of over $12 billion annually. A few more minutes ticked by, with more employees reporting the email. Using Cofense TriageTM—a platform that groups emails by malicious attributes and enables a response to entire campaigns, versus numerous one-off responses— the PDC now had enough evidence to alert the customer. After a quick consultation, the healthcare company blocked the phishing site and began mitigation. “We removed the email quickly,” the VP of Information Security told us. “Once we contained the threat, we started on repair and recovery work, seeing who clicked and mitigating problems linked to their accounts.” He added, “All of this was the result of a single well-crafted phishing email. If we hadn’t been prepared, the damage would have been worse.” Only 19 minutes elapsed from the moment the attacker struck to phishing response and mitigation. Thanks to a balance of man and machine, with humans providing insights automation can’t the company stopped an attempted breach before it could succeed, instead of waiting weeks or months before the alarm bells rang. Another company took just 10 minutes to block an active threat. Our second example comes from another Cofense customer. Employees at a multinational company reported emails sent, allegedly, by a credit card provider. The email landed in hundreds of inboxes and, as in the previous example, used counterfeit branding so employees would drop their guard.
The email told recipients that the credit card company had noticed unusual “recent activities” in their accounts. It then instructed employees to click a link to a My Account page, where they could verify and protect their personal information. The landing page asked for a wealth of personal data: name, social security number, email address, and more. This credential phish aimed to gather personal data, not company information, though armed with the employee’s personal details the attacker could have connected the dots and targeted the corporate network. Using a similar blend of automation and human intuition, this company’s incident responders were able to identify the threat and block the phishing domain—before a single employee entered data. Automated email analysis and clustering sped the response, but human verification and decisions stopped the threat. This time, it took only 10 minutes to detect, respond, and mitigate. According to the SOC analyst who managed the response, previously the cycle would have taken days. In the end, “set it and forget it” does help to block phishing attacks, but automation merely enables humans to do the job better. Conditioning employees to recognize and report phishing, plus equipping SOC teams to respond faster, is a more complete approach. Threat actors constantly tune their attacks to evade the security controls organizations like yours deploy. Technologies like email gateways miss phishing attacks all the time. That means your people need to be your last line of defense, general users as well as incident responders. Again, Cofense is finding that more companies value human expertise, both the home-grown variety and the kind delivered in managed services. If your organization needs help, don’t just push a button. It’s smart to count on humans with the smarts to work the machines.
About the Author
Tonia Dudley joined Cofense in 2018 as Director, Security Solution Advisor. In this role, she focuses on phishing defense advocacy while demonstrating how Cofense solutions help organizations across the globe minimize the impact of attacks while reducing the cost of operations. Tonia evangelizes Cofense’s approach to phishing defense and incident response to new and existing customers, prospects, and the information technology market through speaking engagements, publishing platforms, and media opportunities. Tonia also advises Cofense product teams on specific customer and market-driven needs to help streamline product roadmaps and create Cofense’s inaugural international customer advisory board. With more than a decade of cybersecurity experience, Tonia has managed programs in cybersecurity incident response, security awareness, and IT compliance for large global organizations. Her diverse career includes 14 years in finance roles at a national automotive retail chain, transitioning into IT roles over the next 12 years for a global manufacturing enterprise where she developed an interest in Cybersecurity. In 2011, she began building a robust security awareness program to focus on behavior instead of compliance. She then moved into the Financial Services industry for 3 ½ years to build a security awareness program. While working in the financial services industry, she participated in a working group to assist small firms with implementing a cybersecurity program to protect their firms. She has spoken at several cybersecurity and industry conferences on building successful security awareness and phishing programs. Her anti-phishing training programs have received three awards.