Phishing emails have become a common threat, most of us see something daily that has all the hallmarks of a phishing email. Symantec have recently released an Internet Security report (https://resource.elq.symantec.com/LP=5840?cid=70138000000rm1eAAA ) that told us that “Spear-phishing emails emerged as by far the most widely used infection vector, employed by 71 percent of groups.”.

Spear phishing is the practice of sending phishing emails that appear to be coming from a trusted sender, often facilitated via a password hack or through gaining login details via social engineering. While spam filters may stop some of these some still get through and once that email has breached your security, the last line of defence is your employees. No matter how much training you give on phishing emails, there’s always a danger from that one employee who maybe isn’t as tech savvy as the rest or didn’t make the cyber security training day you set up. Or the new starter who hasn’t completed the training yet, or the intern just in for a couple of days. That will be the employee that clicks on a link in an e-mail or downloads and opens the attachment without checking where it came from or what file type it is.

As we increase the spam filter levels with our mail providers to block more of these emails, undoubtedly there are emails that are incorrectly black listed and this can have a negative effect on business, whether it be a customer relationship or a project requiring some time sensitive information.

Training needs to be regular and engaging. Shorter training sessions can more often bring better results than one long session every few months. When it comes to less technical members of the team, then the training needs to be simple and high-level. Interactive and engaging training has been proven to work more effectively so it is important that your training provider can demonstrate this and ensure your staff are prepared to deal with this sort of threat.

Training, however, is not enough. An intelligent forward proxy that can take the decision out of the hands of the employees adds a layer of security that drastically reduces the risk. This device sits in between the internal network and the internet. If an employee clicks a link that the device knows to be dangerous then it will not make the connection to that URL for them. If they try to download an attachment that appears harmless, the proxy can assess whether it is a disguised executable or even pass the file to a sandbox for assessment before allowing the employee to download the file. At first glance a forward proxy may appear to be expensive but savings in the long run outweigh that initial cost; not only are you ensuring that you do not have the negative business impact of an attack via phishing email but you also reduce the need for training to get too complex, especially for your less technically minded employees.

Luke Sapiets

Technical Engineer – Cyber Security