<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=2975524&amp;fmt=gif">
BLOG

Ways to Protect Against Phishing

July 13, 2017

Phish protection

Just like the internet, phishing has evolved more and more over the years. Of the more than 537,000 phishing threats that were reported in the 2017 Global Spear Phishing Report, 91 percent (490,557) contained characteristics of display name spoofs.

Display name spoofs are where hackers impersonate a person familiar to a business user in order to fool the person into thinking the message came from a trusted source. It’s a very effective tactic, especially against a workforce that is deluged with incoming communication and traffic all day, every day.

Emails to Business Users Are Deemed Risky

In the study, direct spoofs were the second most popular attack type (8%) and domain lookalikes made up less than 1%of the phishing attacks.

The report from GreatHorn went to find that nearly 1% of all emails to business users have contained a specific characteristic, or characteristics, that were deemed risky. 

A figure that some would think was low, but in reality, is not - considering the volume of emails that workers send and receive was taken into consideration.

A 2015-19 report from the Radicati Group Email Statistics shows the average worker received 122 business emails per day in 2015 - and the report showed that this number was expected to grow through 2019.

What it boils down to is the average user faces at least one risky email per day, and it’s pretty safe to assume executives receive a ton more attention.

Unfortunately, as phishing attacks have become more common, companies are now viewing them as just another hazard of doing business. In the beginning there was a sense of confusion and amazement, now that has turned into weariness.

When phishing attacks first happened there was fear and alarm. Now, companies have just accepted it.

But this is a big mistake. Successful phishing attacks are still happening much easier than they should, because of out-of-date assumptions and very taxed security practices. It’s not too late, though, as things can be changed often quickly and simply.

Download the Protecting the Data eBook

Protect Yourself Against Phishing

In a recent post by Blueprint IT Security, they talk about how their clients have experienced the same common attacks found in the industry - ranging from credential phishing, business email compromise and booby-trapped attachment malware.

Blueprint goes on to say how ransomware has become the biggest category of malware phishing attacks.

You hear all the time to be “wary” of emails. But, at some point, you need to open emails, attachments or go onto unknown websites for your job.

In their recent post, Blueprint talks about what the best strategy is when it comes to try and fish out phishing. They go into how they always layer and involve a number of overlapping protections that mix the technical with the behavioral.

They go on and make some suggestions, beyond the obvious ones - such as ensuring backup is in place and the systems have been patched. Other ways to protect against phishing are:

Disabling Office Macros - Defense number one is to either disable them altogether or enable only from signed and trusted sources.

Authentication - The simplest implementation of this idea is the two-step verification system that is used by cloud services, but more sophisticated two-factor authentication and single sign-on is also worth considering.

Domain-based Authentication, Reporting & Conformance (DMARC) - It’s a mechanism that makes emails from domains using it difficult to spoof. It also protects a company, and its customers, from attackers who would impersonate their brand.

Encryption - The best protection from phishing is to encrypt data, so its contents can’t be held to ransom.

Anti-phishing Awareness - This should be a basic requirement from SME level and up. Not engaging at this level just leaves companies simply hoping for the best, which is never a good approach.

As you can see, phishing continues to be a major problem in the country, and around the world. And, as we read earlier in When Did Phising Become a Social Problem?, with 1.3 billion users logging onto their favorite social networking sites each month hackers are casting a wider net.

Because of the higher threat of phishing, the idea behind awareness training is to baseline the degree to which employees can be snared by test phishing scenarios, comparing their behavior when running the same tests weeks or months later. The best approach seems to be to start with a longer training session, running short monthly tests every month for a year.

See Everything. Secure Everything.

Contact us now to secure and optimized your network operations
Contact Us

Heartbeats Packets Inside the Bypass TAP

If the inline security tool goes off-line, the TAP will bypass the tool and automatically keep the link flowing. The Bypass TAP does this by sending heartbeat packets to the inline security tool. As long as the inline security tool is on-line, the heartbeat packets will be returned to the TAP, and the link traffic will continue to flow through the inline security tool.

If the heartbeat packets are not returned to the TAP (indicating that the inline security tool has gone off-line), the TAP will automatically 'bypass' the inline security tool and keep the link traffic flowing. The TAP also removes the heartbeat packets before sending the network traffic back onto the critical link.

While the TAP is in bypass mode, it continues to send heartbeat packets out to the inline security tool so that once the tool is back on-line, it will begin returning the heartbeat packets back to the TAP indicating that the tool is ready to go back to work. The TAP will then direct the network traffic back through the inline security tool along with the heartbeat packets placing the tool back inline.

Some of you may have noticed a flaw in the logic behind this solution!  You say, “What if the TAP should fail because it is also in-line? Then the link will also fail!” The TAP would now be considered a point of failure. That is a good catch – but in our blog on Bypass vs. Failsafe, I explained that if a TAP were to fail or lose power, it must provide failsafe protection to the link it is attached to. So our network TAP will go into Failsafe mode keeping the link flowing.

Glossary

  1. Single point of failure: a risk to an IT network if one part of the system brings down a larger part of the entire system.

  2. Heartbeat packet: a soft detection technology that monitors the health of inline appliances. Read the heartbeat packet blog here.

  3. Critical link: the connection between two or more network devices or appliances that if the connection fails then the network is disrupted.

NETWORK MANAGEMENT | THE 101 SERIES